Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, April 28, 2010

Complete DHS Daily Report for April 28, 2010

As of 6:00 AM Friday the April 28th report has been published and my extract appears below. Well, they finally got it right. When I am not sure. Likely last night. I wonder if we’ll ever see an explanation?

As of 7:00 AM Thursday, April 29, 2010 the DHS perpetuates this error. The April 29th report came out on time and the link for April 28th now produces an error message. Either the report of the 28th was never written or it was not posted correctly as it appears that the rest is automated.

My apologies to all of my readers. As of 4:30 PM Wednesday, April 28, 2010 the DHS has not posted today’s report. If you click on the link above, it will load yesterday’s report. If the DHS ever corrects this matter I will make another complete post at that time.

Daily Report

Top Stories

 The Bradenton Herald reports that a Bradenton, Florida man faces federal charges after trying to commit a murder-for-hire in Tampa on April 23 by blowing up a car using a homemade bomb. FBI agents and local law enforcement arrested the man after an undercover agent witnessed him build a bomb in a Tampa hotel, plant it in a car in downtown Tampa, and press a button he thought would detonate it. (See item 47)

47. April 27, Bradenton Herald – (Florida) Bradenton man charged in bomb plot. A Bradenton man faces federal charges after trying to commit a murder-for-hire in Tampa by blowing up a car using a homemade bomb in exchange for $8,000, according to the FBI and U.S. Attorney’s reports. FBI agents and local law enforcement from the Tampa FBI Joint Terrorism Task Force arrested the man after an undercover agent witnessed him build a bomb in a Tampa hotel, plant it in a car in downtown Tampa, and press a button he thought would detonate it on April 23. But the bomb never went off because he had been supplied with inactive explosives by the undercover officer during an investigation that dates back to March 2009. According to the criminal complaint filed in the U.S. District Court in Tampa, the man’s father contacted the Federal Bureau of Alcohol, Tobacco, Firearms, and Explosives office in Tampa in March 2009 and said his son was “trained in ‘special forces’ type military tactics, considered himself a mercenary, and was proficient in building explosive devices.” A witness said the man told him that he had bomb-making chemicals in 5-gallon buckets on the porch of his mother’s apartment in the Springs of Braden River complex on 51st Street East. Source:

 According to the Associated Press, the Bureau of Reclamation wants public comment on its $705,000 plan to raise the crest of the Anderson Ranch Dam in southwestern Idaho and build a single-lane road to better protect the structure against terrorist attack. (See item 54)

54. April 26, Associated Press – (Idaho) Feds propose security fix on Boise River dam. The Bureau of Reclamation wants public comment on its $705,000 plan to raise the crest of a southwestern Idaho dam and build a single-lane road to better protect the structure against terrorist attack. Anderson Ranch Dam is located east of Boise on the South Fork of the Boise River. The dam road is the main access to the west side of the reservoir, as well as the town of Prairie, and the Trinity Mountains. Following the Sept. 11, 2001 terrorist attacks, however, federal officials concluded the road made the dam vulnerable to vehicle-borne explosives. The proposed project — construction would start next April and last three months — would only be an interim solution, because major changes may eventually be in store for Anderson Ranch Dam to address earthquake and overtopping concerns. Source:


Banking and Finance Sector

11. April 27, New Jersey Local News Service – (New Jersey) Police discover card-skimming devices in Cedar Grove gas pumps. Police found what appeared to be credit card-skimming devices in two gas pumps at an Exxon gas station in Cedar Grove, New Jersey, a township police official said. Police discovered the electronic devices April 20 at the station at 379 Pompton Ave. while following up on a report, according to a police captain. He said that police do not know when the devices were placed there or if any customers were the victim of identity theft due to stolen credit-card information. The Essex County Prosecutor’s Office is assisting with the investigation. Source:

12. April 26, Chico Enterprise Record – (California) ‘Fedora bandit’ robs Gridley Bank of the West branch. The Bank of the West in Gridley, California appears to be the latest institution hit in a string of robberies by a man law-enforcement officials are calling “the fedora bandit.” According to a press release from the Gridley-Biggs Police Department, a man robbed the Bank of the West, at 34 E. Gridley Road in Gridley, at about 2 p.m. April 26. The suspect is about 40-years-old, slim to medium build, wearing a fake goatee, fedora-style hat and “armed with a silver revolver,” the press release stated. After the robbery, the man left on foot, and is believed to have left the scene in a vehicle, which was not identified. Similar robberies have taken place since December, twice at the Bank of the West in Grass Valley (Dec. 22 and March 31), and at Bank of the West branches in South Lake Tahoe (Feb. 18), Kings Beach (March 8) and Carson City (April 12). Source:

13. April 26, Salina Journal – (National) 4 indicted in debit-card scam. Four California residents have been charged with one count of unlawful possession of 247 counterfeit VISA debit cards, and one count of unlawful possession of a credit-card scanner and computer used to manufacture the cards. Authorities allege the crimes occurred April 2 in Trego County, Kansas. The four men were arrested April 2, after a trooper pulled them over on the eastbound lanes of Interstate Highway 70 near milepost 133 for speeding. Two of the men were in a black Mercedes, and the other two were in a cream-colored Mercedes, both rented. The men told the trooper they were on their way to a bachelor party in Chicago. Troopers found four plastic bags containing 247 counterfeit VISA debit cards and a laptop computer in the cream-colored Mercedes. In the black Mercedes, troopers found a machine for reading and encoding debit and credit cards. Source:

14. April 24, Detroit News – (Michigan) Fed team: Mortgage fraud plagues area. Metro Detroit is a hotbed of mortgage scams with a rising number of crooks preying on homeowners desperate to avoid foreclosures, representatives of a federal Financial Fraud Enforcement Task Force, an ad-hoc group of law agencies, said April 23. The task force met with community groups, real estate agents, banking officials and law enforcement agencies in Detroit and launched a Web site called to help consumers identify and report scams. “This was a freight train coming right at us,” said the FBI special agent in charge. The region has 60 cases of fraudulent mortgage behavior. The average scam nabs about $3,000 from a home buyer. The task force’s creation comes as federal and state authorities investigate a wide array of potential wrongdoing linked to the financial crisis. Source:

15. April 24, CBS – (California) ‘Starlet Bandit’ wanted for robbing 5 Los Angeles County banks. The public’s help is needed to identify the so-called “Starlet Bandit” after she robbed five banks the week of April 19 in Los Angeles County. The FBI says she is responsible for a total of seven bank heists in the Los Angeles area since March 2008: March 25, 2008, the Bank of America at 7800 W. Sunset Blvd. in Hollywood; and July 22, 2008, the Bank of America at 7255 Woodman Ave. in Van Nuys. Recently: April 19, the Bank of America at 7255 Woodman Ave. in Van Nuys; April 21, the Bank of America at 7800 W. Sunset Blvd. in Hollywood; April 21, the Chase Bank at 10348 N. Sepulveda in Mission Hills; April 23, the Bank of America at 839 E. Palmdale in Palmdale; April 23, the Chase Bank at 10348 N. Sepulveda in Mission Hills. FBI photos from five of the robberies show a casually dressed, hefty white woman in her 20s in sunglasses, carrying a shoulder bag and holding a cell phone to one ear. “According to witnesses at the banks, the Starlet Bandit approaches the victim teller while talking on her cell phone,” said a statement from the FBI Los Angeles Field Office. The woman has been seen leaving the scene of bank robberies in a white Toyota Avalon with a male driver, and also in a dark sport utility vehicle, similar to a Cadillac Escalade. Source:

For another story, see item 40 below.

Information Technology

40. April 27, Krebs on Security – (International) Fake anti-virus peddlers outmaneuvering legitimate AV. Purveyors of fake anti-virus or “scareware” programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google. In a report slated for release April 27, Google said that between January 2009 and the end of January 2010, its malware-detection infrastructure found some 11,000 malicious or hacked Web pages that attempted to foist fake anti-virus on visitors. The search giant discovered that as 2009 wore on, scareware peddlers dramatically increased both the number of unique strains of malware designed to install fake anti-virus, and the frequency with which they deployed hacked or malicious sites set up to force the software on visitors. Fake anti-virus attacks use misleading pop-ups and videos to scare users into thinking their computers are infected and offer a free download to scan for malware. The bogus scanning programs then claim to find oodles of infected files, and victims who fall for the ruse often are compelled to register the fake anti-virus software for a fee in order to make the incessant, malware warnings disappear. Worse still, fake anti-virus programs frequently are bundled with other malware. Victims end up handing their credit or debit card information over to the people most likely to defraud them. Source:

41. April 26, The Register – (International) Users’ passwords exposed by Splunk. Splunk, a kind of Google for business technology that boasts it can help reinforce a user’s security, has exposed the details of major customers to hackers following a Web site slip up. The passwords of customers on were revealed after some debug information leaked on to its production servers. The debug code exposed users passwords to as clear text, the company said. The site contained the e-mails and user names customers had used to register with Splunk. Splunk has reset all affected users’ passwords in what it called an “abundance of caution,” and purged the log files and indexes of users’ active sessions on It advised customers to change the temporary password as soon as possible. Also, Splunk urged those who used their password on other systems or Web sites to also change those passwords. Source:

42. April 26, DarkReading – (International) Microsoft: Enterprises hit hardest by worms; consumers by Trojans and adware. Enterprises and consumers each suffer from different types of malware threats, but both were hit hard by rogue antivirus attacks in 2009, according to data released by Microsoft April 26. Version 8 of the new Microsoft Security Intelligence Report (SIR) for the first time separated enterprise-user and consumer-user, malware-trend data. The report found that enterprise users contract more worms, while consumers contract Trojan viruses and adware. SIR 8 is based on data gathered from 500 million PCs across the globe between July and December 2009. “In the enterprise, worms are more of a problem, which is not a surprise in that you have networks with trusted file shares and USB devices, and they are more susceptible to those transmission mechanisms,” said the general manager of product security in Microsoft’s Trustworthy Computing group. “This is the first time we have had data allowing us to separate [enterprise and consumer machines] and show differences [in malware prevalence.]” Worms were found in 32 percent of enterprise PCs, followed by miscellaneous Trojans (18 percent), unwanted software (16 percent), Trojan downloaders and droppers (13 percent), password-stealers and monitoring tools (7 percent), backdoor programs (5 percent), viruses (4 percent), exploits (3 percent), adware (3 percent), and spyware (1 percent). Source:

Communications Sector

43. April 27, Tri-state Daily News – (Arizona; California; Nevada) Major fiber cut brings down NPG services over wide area. NPG Cable’s Internet and phone service went down around 11 a.m. April 26, affecting customers over a widespread area, according to the firm’s district manager. “It took down Kingman, Bullhead, and Lake Havasu (Arizona), Parker and Blythe (California) as well. Probably close to 20,000 customers at least, just phone and Internet, probably quite a bit more than that,” he said. Portions of Las Vegas also were affected, the district manager said. “The provider of bandwidth to this area, Level Three, had a major fiber cut,” in the Goodyear, Arizona, area, he said. The district manager was not sure what caused it. NPG was able to get phone service restored before the Internet, he said. As of 6:15 p.m., Monday, technicians still were splicing the 108-count fiber in Goodyear. The district manager said the situation also affected several other companies, including microwave feeds for some Phoenix channels. An e-mail from the NPG chief operating officer to the Daily News indicated the possible cause to be vandals cutting a 100-foot section of fiber in an apparent attempt to steal copper. Source:

44. April 27, Stewart Houston Times – (Tennessee) AT&T copper thefts under investigation. An investigation is ongoing into recent copper thefts from AT&T junction boxes in Stewart County, Tennessee, according to the Stewart County sheriff. Information received from his office indicates that AT&T is offering a substantial reward for information leading to the arrest and conviction of those responsible. The reward will expire May 31. The sheriff said that seven thefts occurred in the Indian Mound and Bumpus Mills areas between March 29 and April 5. According to an AT&T market manager, the amount of copper stolen has ranged from less than 100 feet to more than 1,000 feet. She said that the thieves are most likely selling the copper. She did not have a monetary value of the goods stolen, but she said that it is more than just money involved — of concern is the disruption to voice and data communications as well as emergency calls. The sheriff said that an area AT&T technician discovered the thefts after customers would call because of an interruption in phone service. Source:

45. April 27, Los Angeles Daily News – (California) T-Mobile service restored after customers reported outages in L.A., I.E. Service was restored to normal for T-Mobile customers in the Los Angeles and Inland Empire areas April 26, after many of the company’s wireless users reported getting spotty or no coverage. Customers tweeted about the problems and even a few commented at LA Weekly. Another customer said he received “all circuits are busy” audio messages when trying to use his mobile phone. A T-Mobile rep e-mailed LA Weekly April 26 to say things were back to normal. “Earlier today, some T-Mobile customers in parts of Los Angeles may have experienced intermittent data and voice service disruptions,” reads the company’s statement. “T-Mobile’s Rapid Response team has restored full service to the area.” Source:

46. April 26, Kansas City Star – (Kansas) Brazen burglary knocks KMBC off the air. Someone recently broke into the KMBC’s high-voltage transmitter facility in Kansas City and stole copper tubing. Police responding to a burglar alarm April 25 found a large section of 2-inch conduit cut away from the side of the transmitter building and green coolant everywhere. The tubing was part of KMBC’s transmitter; it circulated coolant around two, $40,000 tubes that send the station’s sound and pictures through the air. A gauge that detected the sudden loss in water pressure shut down the transmitter. Whether it happened in time to save the tubes is a question that the KMBC-KCWE director of engineering said would not be known until April 26 at the earliest. If the tubes can not be saved, the damage to the site could reach $100,000. One thing the director is sure of: Either the robbers knew exactly what they were doing or were incredibly brazen. The burglary also may have violated federal law, according to a communications lawyer of the Washington, D.C. firm Garvey Schubert Barer. “If it is maliciously done with the intent of damaging the tower, that is a federal criminal offense,” he said. Source: