Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, April 20, 2010

Complete DHS Daily Report for April 20, 2010

Daily Report

Top Stories

 WANE 15 Fort Wayne reports that authorities evacuated homes in a mile radius around a train derailment in Edgerton, Ohio on Monday. Thirty-seven cars derailed, and multiple cars were leaking denatured alcohol. (See item 4)

4. April 19, WANE 15 Fort Wayne – (Ohio) Police evacuate homes near train wreck. Authorities are evacuating homes in a mile radius around a train derailment in Edgerton, Ohio. According to the Williams County Sheriff’s Department, 37 cars derailed in Edgerton, Ohio around 9:15 a.m. Monday. Multiple cars are leaking denatured alcohol. The Norfolk and Southern freight train derailed west of County Road 8, near the County Road crossing, between Bryan and Edgerton. So far, no injuries have been reported. Officials say a hazmat team is at the site because of the alcohol leak. Norfolk and Southern officials are investigating the derailment. Officials do not know when the wrecked cars will be cleaned up or how much money is being lost while the tracks are out of service. Source:

 According to the New York Daily News, a massive gang takedown in Queens, New York uncovered a rare alliance between Bloods and Crips and a plot to assassinate cops, authorities said on April 16. (See item 52)

52. April 17, New York Daily News – (New York) Bloods and Crips plot to kill cops discovered in drug and gun ring takedown. A massive gang takedown in Queens, New York, uncovered a rare alliance between Bloods and Crips and a ruthless plot to assassinate cops, authorities said Friday. The revelations came as law enforcement unveiled the chilling results of long-running “Operation Under Siege” - 104 suspects, dozens of guns, two slayings and piles of drugs and cash. The sprawling case was built on wiretaps - including recordings of a gang associate, who blabbed about plans to protect his drug turf by killing cops on patrol. “He intended to position himself on rooftops and shoot police officers who were compromising his business in Far Rockaway and South Jamaica,” the police commissioner said. “Before his deadly plans could be carried out, detectives arrested him and seized a defaced 9-mm. Hi-Point rifle, among other weapons.” The plot was only one facet of an investigation that began two years ago when police and prosecutors began looking into a drugs-and-guns network in Far Rockaway. By Friday, they had arrested 104 people, closed two murder cases, and exposed ties between Far Rockaway Crips and the Bloods in South Jamaica. Source:


Banking and Finance Sector

16. April 18, Orange County Register – (California) Bomb threat empties bank for two hours. The Irvine (California) Police Department is asking for the public’s help in finding the person or persons who left a bomb threat at a Wells Fargo bank, Saturday morning. An employee at the Wells Fargo at 3951 Portola Parkway found a note left outside the door warning of a bomb inside the bank about 9:30 a.m., a police lieutenant said. The bank was evacuated for more than two hours while police and member of the Orange County Sheriff’s Bomb Squad searched the bank with bomb-sniffing dogs. “There was no bomb,” the police lieutenant said. “There are no leads and no suspects.” Source:

17. April 17, Bank Info Security – (National) Regulators close 8 banks. State and federal banking regulators closed eight banks on April 16. TD Bank on April 16 acquired the banking operations of three separate Florida-banking institutions: AmericanFirst Bank, Clermont; First Federal Bank of North Florida, Palatka; and Riverside National Bank of Florida, Fort Pierce. The FDIC estimates that the cost to the Deposit Insurance Fund (DIF) for AmericanFirst Bank will be $10.5 million; for First Federal Bank of North Florida, $6 million; and for Riverside National Bank of Florida, $491.8 million. The FDIC approved the payout of the insured deposits of Lakeside Community Bank, Sterling Heights, Mich. The FDIC estimates the cost of the failure to its DIF Fund to be about $11.2 million. Butler Bank, Lowell, Mass., was closed; the FDIC entered into a purchase and assumption agreement with People’s United Bank, Bridgeport, Conn., to assume all of the deposits of Butler Bank. The FDIC estimates that the cost to the DIF will be $22.9 million. Innovative Bank, Oakland, Calif., was closed; the FDIC entered into a purchase and assumption agreement with Center Bank, Los Angeles, to assume all of the deposits of Innovative Bank. The FDIC estimates that the cost to the DIF will be $37.8 million. Tamalpais Bank, San Rafael, Calif., was closed; the FDIC entered into a purchase and assumption agreement with Union Bank, National Association, San Francisco, to assume all of the deposits of Tamalpais Bank. The FDIC estimates that the cost to the DIF will be $81.1 million. City Bank, Lynnwood, Wash., was closed; the FDIC entered into a purchase and assumption agreement with Whidbey Island Bank, Coupeville, Wash., to assume all of the deposits of City Bank. The FDIC estimates that the cost to the DIF will be $323.4 million. Source:

18. April 17, Associated Press – (Oregon) Bank evacuated after threat, no bomb found. A Wells Fargo bank branch and several surrounding businesses in Aloha, Oregon, were evacuated on April 16 after the bank received a telephoned bomb threat. A section of nearby Highway 8 was temporarily closed as well. A Washington County sheriff’s sergeant said the caller told bank staff to place money in a garbage can just outside the bank or he would set off several bombs he claimed were in the building. Employees did as the caller directed and then called 911. Sheriff’s deputies, the FBI and the Portland police bomb squad responded. No bombs were found and the money was recovered from the spot where the bank employee left it. Source:

19. April 17, Houma Today – (Louisiana) Warning: Watch out for fraudulent, credit card charges. Authorities are investigating reports of an outbreak of credit-card fraud perpetrated against Houma Louisiana-area residents, officials and bankers said. An attorney with the Schwab Law Firm in Houma said she was alarmed on April 14 to find her corporate debit card had been charged with more than $3,000 worth of expenses from Florida theme parks. While visiting Capital One Bank to try and work out the problem, she ran into about five other customers who were there for the same reason. The others reported evidence of local charges and shopping in Mississippi and Florida. A senior operations officer at South Louisiana Bank said the bank detected fraudulent activity on some of its customers’ cards and was able to notify them. He said it looks like a case of so-called “skimming,” where someone collects information from people’s cards and creates fake ones so the data can be used to make purchases. Source:

20. April 16, – (Florida) Fla. financial services company settles over data breach. Florida’s attorney general has announced a settlement with a financial-services company that allegedly exposed the personal information of approximately 5.9 million consumer files during a data breach. Certegy Check Services, Inc., based in St. Petersburg, was alleged to have failed to provide adequate data security for consumer records. Under terms of the settlement, Certegy has agreed to ensure that safeguards are put in place to protect consumer data. Certegy and Fidelity National Card Services, a related company, are subsidiaries of Fidelity National Information Services, Inc. The companies reported in July 2007 that a former company employee had stolen customer data. Certegy promptly notified the attorney general and its consumers of the data thefts and fully cooperated with the attorney general’s investigation. The Certegy employee who perpetrated the crime was convicted of fraud and is currently serving a 57-month sentence in federal prison. Source:

21. April 16, Sun Sentinel – (Florida) FBI looking for Miramar credit union robbers. The FBI on April 16 released photos of three robbers who targeted a credit-union office in Miramar, Florida while one was strapped with a bogus bomb earlier in the week. The robbery took place at about 10:30 a.m. April 12 at the Eastern Financial Federal Credit Union at 2500 S. University Drive. The trio walked into the credit-union office carrying handguns, ordered customers and employees to the ground and demanded money from each teller. One of the robbers, wearing a vest with pipes that looked like an explosive device, took the money from the tellers, then ordered employees to take him into the vault, where he took more money. The two other robbers served as lookouts, then told the third robber in the vault they had to leave right away, the FBI said. The three men fled through the back door, leaving the vest behind. Investigators later determined the bomb to be fake. The robbers were men in their early 20s, wearing dark clothing and black gloves. One had a Yankees hat; another wore a Pittsburgh Pirates cap. The robbery appeared to be related to heists at Regions Bank in Plantation, March 31, Bank of America in Miami Gardens, March 17, and Chase Bank in North Miami Beach, March 15, the FBI said. Source:

Information Technology

55. April 19, The Register – (International) Trojan virus poses as Google Chrome extension. Miscreants have created a Trojan virus that poses as a Google Chrome extension, according to The Register. Spammed messages attempt to dupe prospective marks into trying an add-on that “helps you better organise your documents received in your email.” Interested parties are pointed towards a counterfeit Google Chrome Extensions page, which offers a malware executable. More observant punters will notice that the download is offered in an .exe file and not a .crx Google Chrome extension, The Register indicated. Such markers are easily missed, however. The Trojan horse malware on offer (identified by Romanian security firm BitDefender as the Agent-20577) blocks access to Google and Yahoo webpages. Attempts to reach these sites on infected machines are hijacked and redirected to counterfeit sites. Such trickery is commonly a prelude to either phishing attacks or a technique by the hackers behind the trick to gain affiliate income from scareware slingers or other undesirables. Source:

56. April 19, DarkReading – (International) OWASP issues top 10 web application security risks list. The Open Web Application Security Project (OWASP) Monday issued the final version of its new Top 10 list of application security risks. The list, which was first unveiled in November at the OWASP conference, is a departure from OWASP’s previous lists, which ranked the most commonly found weaknesses and vulnerabilities in Web applications. OWASP’s new list features the most exploitable and likely security risks found in these apps. OWASP reworked the list to provide developers with more of a reality check and understanding of the real threats, OWASP members said. “This is putting it into perspective ... looking at the things that are most likely to be exploited and how useful [this flaw or weakness] would be for an attacker to get access to an application or sensitive information,” said a member of OWASP who worked on the list and who is a security researcher with Rapid7. Source:

57. April 17, – (International) Mac OS X malware turns into botnet. Security researchers have warned that a rash of malware for Mac OS X systems is now being used to run a botnet. The Trojan malware was first spotted in January, and had been bundled into pirated copies of Mac OS software. Researchers noted at the time that the payload included tools which could allow an attacker to remotely take control of an infected system. It now appears as if those components are being put to use. Symantec researchers said that systems infected by the Trojan have been used in at least one denial-of-service attack. Other users are also reporting that their systems are displaying activity caused by the malware. News of the botnet marks what experts have warned is a small but growing crop of malware targeting OS X systems. Source:

58. April 16, Government Computer News – (National) Lessons from Google attacks could help US bolster cyber defense. The U.S. government is responding aggressively to a new generation of advanced cyber threats, such as those used in the recently discovered Aurora attacks, the McAfee chief executive officer said at a public-sector conference, April 15. To improve defenses, security measures must be moved into the cloud, he said. “The effort has been stepped up,” he said, although the efforts are not always visible. There is more public-private cooperation, particularly within the defense and intelligence communities, and responses are now based more on real-time information about the dynamic threat landscape. Speaking in Washington, the CEO said real-time intelligence gathering and response is the key to countering advanced, persistent threats of the kind used in the recently disclosed Aurora attacks against Google and 150 other organizations. Ha called the Aurora attacks highly coordinated and sophisticated, but sloppy in their execution. These advanced, persistent threats are part of a rising tide of malicious activity, he said. “We see a lot more than we’ve ever seen before, and it’s increasing.” McAfee received 34 million samples of malicious code in 2009 and that total is likely to be surpassed this year, he said. Source:

Communications Sector

59. April 19, WLFI 18 Lafayette – (Indiana) Benton County radio station off the air. An Indiana radio station went off the air after some heavy farm equipment knocked over its tower. 98 Gold’s program director said the machinery hit the tower around 8 April 17 in Benton County. The tower then fell onto the transmitter building. The program director said the station will be off the air for at least a few days, while engineers work to remedy the situation. He said the station will still be streaming online at, with regular programming. Source: