Department of Homeland Security Daily Open Source Infrastructure Report

Friday, May 14, 2010

Complete DHS Daily Report for May 14, 2010

Daily Report

Top Stories

 According to the Associated Press, an explosion rattled Cleveland and its suburbs on Wednesday, destroying three houses, damaging at least 12 others, and injuring at least 11 people, though none seriously. Dominion East Ohio crews were canvassing the area for gas leaks and shut off service to 17 homes as a safety measure. (See item 4)

4. May 12, Associated Press – (Ohio) Blast levels 3 Cleveland homes; 11 people hurt. An explosion rattled Cleveland and its suburbs on Wednesday, destroying three houses, damaging at least 12 others, and injuring at least 11 people, though none seriously, authorities said. The blast around 8 a.m. demolished an apparently unoccupied home, leaving a hole. Only the chimney was left of one adjacent home, and another had just one wall standing. Authorities evacuated the street where the explosion occurred, located on the city’s east side, and were checking for leaking natural gas. City and federal authorities were trying to determine the cause of the blast. A Fire Department spokesman said the injuries were minor, mostly burns. MetroHealth Medical Center said it received six adults and five children from the scene. People living in suburbs at least 10 miles away reported feeling the explosion. A spokesman for Dominion East Ohio said crews were canvassing the area for gas leaks and shut off service to 17 homes as a safety measure. A public school located in the neighborhood closed for the day before students arrived. Source:

 WTAP 5 Parkersburg reports that four workers were injured Wednesday after a dumpster outside the Felman Productions ferroalloy plant in Letart in Mason County, West Virginia caught fire and sparked a small explosion. (See item 10)

10. May 12, WTAP 5 Parkersburg – (West Virginia) Dumpster fire ignites explosion. The West Virginia Division of Homeland Security and Emergency Management received a report of a hazardous materials incident at the Felman Productions Plant, a ferroalloy plant located in Letart in Mason County, West Virginia. At approximately 12:50 Wednesday afternoon, a dumpster outside the plant caught fire and sparked a small explosion. Four people have been reported injured and are being treated at Pleasant Valley Hospital in Point Pleasant. Their injuries are not believed to be life-threatening at this time. A hazmat crew with the state Department of Environmental Protection is en route to the Mason County plant. Felman Production is a producer of ferrosilicomanganese. That product is used as a steel deoxidizer and alloy additive. Source:


Banking and Finance Sector

12. May 12, Computerworld – (International) PCI Security Council updates requirements for payment card devices. The council that administers the Payment Card Industry Data Security Standard today released new requirements that vendors of payment card devices will be expected to incorporate into their products going forward. The new requirements are in the latest version of the council’s PIN Transaction Security (PTS) requirements and are designed to bolster security on retail point-of-sale card readers and unattended kiosks and payment terminals, such as those found at airports and gas stations. Version 3.0 of the PCI council’s PTS includes three new modules to secure sensitive card data for device vendors and their customers. One of the modules contains requirements pertaining to the secure reading and exchange of data on payment-card devices. The requirements would enable the secure reading and encryption of sensitive cardholder data at the point where a credit or debit card is swiped. A second module spells out the security standards that device vendors will be expected to follow while integrating all of the different components that make up an unattended point-of-sale device that accepts PIN-based debit-card transactions. The third module, called Open Protocols, contains a set of new requirements related to wireless-enabled payment-card devices. Source:

13. May 12, Wall Street Journal – (New York) Wall Street probe widens. Federal prosecutors, working with securities regulators, are conducting a preliminary criminal probe into whether several major Wall Street banks misled investors about their roles in mortgage-bond deals, according to a person familiar with the matter. The banks under early-stage criminal scrutiny — J.P. Morgan Chase & Co., Citigroup Inc., Deutsche Bank AG and UBS AG — have also received civil subpoenas from the Securities and Exchange Commission (SEC) as part of a sweeping investigation of banks’ selling and trading of mortgage-related deals, the person said. Under similar preliminary criminal scrutiny are Goldman Sachs Group Inc. and Morgan Stanley, as previously reported by The Wall Street Journal. The Manhattan U.S. Attorney’s office and SEC are working hand-in-hand. At issue is whether the Wall Street firms made proper representations to investors in marketing, selling and trading pools of mortgage bonds called collateralized debt obligations, or CDOs. Many major Wall Street banks created CDOs at the behest of players that made bets against the deals — and banks themselves sometimes bet against the deals. Bearish bets paid off when the mortgage market crashed. Federal prosecutors, along with securities regulators, are pursuing a preliminary criminal probe into whether several Wall Street banks misled investors on mortgage-bond deals. Source:

14. May 12, Computerworld – (International) House Committee fails to find smoking gun on market plunge. The U.S. House of Representatives Financial Services Subcommittee on Capital Markets failed to pinpoint any single cause for last week’s stock market plummet that sent the Dow Jones Industrial Index plunging almost 1,000 points in a half hour. The committee held several hearings May 11, during which members questioned the heads of the U.S. Securities and Exchange Commission (SEC), New York Stock Exchange and Nasdaq in an attempt to gain some insight on what caused the precipitous drop. The Dow fell to 9,872 points in a half hour May 6. As quickly as the market dropped, it suddenly and dramatically reversed itself, recovering 543 points in approximately a minute and a half, to 10,415.65, and ended the day down 347.80 points from the previous day’s close. The SEC chairman told the committee she was “committed to finding effective solutions in the very near term,” and also said an existing agreement with major exchanges was in the process of strengthening trading restraints with regards to big market fluctuations. Industry experts said it was obvious that there was some sort of “algorithmic error” in the computerized-trading systems that caused the pricing in the markets to collapse. Some blamed the anomaly on a trader attempting to short-sell 16 million shares of S&P 500 stock, but instead of entering a “M” for million, he entered a “B” for billion. That error allegedly sent high-frequency traders scurrying, causing liquidity to vanish. Whatever the error, experts have said it was very likely exacerbated by a market made more volatile by high-speed trades and automatic-sale orders that are measured in milliseconds, instead of seconds or minutes with a manual system. Source:

15. May 10, KMGH 7 Denver – (Colorado) Portfolio bandit strikes again. A bank robbery May 8 in Westminster, Colorado is believed to have been carried out by a man the FBI has dubbed the “Portfolio Bandit.” According to the FBI, the Portfolio Bandit is believed responsible for 12 bank robberies in the Denver metro area since last December. The FBI dubbed the robber the “Portfolio Bandit” because he pulls a holdup note out of a black portfolio folder and gives it to the teller. During three previous robberies, the robber “simulated a weapon” in his coat or waistband; however, no weapon has been seen, according to the FBI. Source:

16. May 10, KGTV 10 San Diego – (California) Police: Woman robbed 3 banks within 2 hours. A heavyset woman in blue jeans and a sun hat is believed to have robbed a Mission Valley, California bank and an East County credit union in less than an hour May 10 before making an aborted attempt to rob an Oak Park-area bank about 20 minutes later, authorities said. The first heist took place at a Wells Fargo branch office in the 5600 block of Mission Center Road about 9:45 a.m., according to the FBI. The thief, described as an overweight woman in her mid- to late 20s or early 30s, fled with an undisclosed amount of cash. About 50 minutes later, a similar-looking woman robbed a Mission Federal Credit Union office in the 3800 block of Avocado Boulevard in Rancho San Diego, the federal agency reported. Just before 11 a.m., a female robber of the same description demanded cash from a teller at a Chase Bank in the 3400 block of College Avenue, but suddenly turned around and walked off before the employee was able to comply, according to the FBI. Witnesses described the thief in all three cases as an approximately 5-foot-9-inch, 150- to 180-pound white woman with shoulder-length blond hair. She was carrying a black purse and wearing blue jeans, a purple-checked blouse with a white collar, a black sweater with the lowercase letters “sd” or “sp” on the front, a “floppy” light-colored hat, square sunglasses with white frames and some type of tape on her fingertips. During each of the robberies, she handed a demand note to a cashier and claimed to have a gun, though none was seen. Source:

Information Technology

55. May 13, IDG News Service – (International) European officials chastise Facebook privacy settings. Facebook made “unacceptable” changes to its privacy settings at the end of last year that are detrimental to users, a coalition of European data protection officials warned the social-networking sites May 12. The warning, contained in a letter to Facebook from the Article 29 Data Protection Working Party, could spell more difficulties for Facebook, which was hit with a complaint by U.S. regulators over similar concerns earlier this month. The working party told Facebook of the need for default settings that would only allow access to profile information and friends to self-selected contacts, and that access by search engines should be the explicit choice of users. Facebook has moved to make even more of its users’ information publicly available. The defaults settings are typically the most permissive, and users must manually change to more restrictive settings. Privacy groups have said the settings are confusing, frequently change and some users aren’t aware of the options, putting their personal data at risk. Source:

56. May 12, The Register – (International) ‘Tamper evident’ CPU warns of malicious backdoors. Scientists have devised a chip design to ensure microprocessors have not been surreptitiously equipped with malicious backdoors that could be used to siphon sensitive information or receive instructions from adversaries. The on-chip engines at the heart of these “tamper evident microprocessors” are the computer equivalent of cellophane shrink wrap or aluminum seals that flag food or drug packages that have been opened by someone other than the consumer. They are designed to monitor operations flowing through a CPU for signs its microcode has been altered by malicious insiders during the design cycle. The design, made public this week at the 31st IEEE Symposium on Security & Privacy, comes as an investigation by Engineering & Technology magazine reported that at least 5 percent of the global electronics supply chain includes counterfeit elements that could “cause critical failure or can put an individual’s data at risk,” according to The Inquirer. While most of that appears to be coming from grey-market profiteers, analysts have long fretted that bogus routers and microprocessors could pose a threat to national security. Source:

57. May 12, DarkReading – (International) Two-thirds of all phishing attacks generated by a single criminal group, researchers say. Like convenience stores and fast-food restaurants, phishing is no longer a mom-and-pop operation, according to a study released today. A single crime syndicate dubbed “Avalanche” was responsible for some 66 percent of the phishing traffic generated in the second half of 2009, according to a report published by the Anti-Phishing Working Group (APWG). “Avalanche” is the name given to the world’s most prolific phishing gang and to the infrastructure it uses to host phishing sites, according to APWG. “This criminal enterprise perfected a system for deploying mass-produced phishing sites, and for distributing malware that gives the gang additional capabilities for theft,” the study said. Avalanche successfully targeted some 40 banks and online service providers, as well as vulnerable or nonresponsive domain name registrars and registries, in the second half of 2009, according to APWG. Avalanche could be a successor to the “Rock Phish” criminal operation, which became notorious between 2006 and 2008, APWG said. Avalanche was first seen in December 2008, and was responsible for 24 percent of the phishing attacks recorded in the first half of 2009, the study said. “Avalanche uses the Rock’s techniques but improves upon them, introducing greater volume and sophistication,” it said. To speed its spread of attacks, Avalanche runs on a botnet and uses fast-flux hosting that makes mitigation efforts more difficult, APWG said. “There is no ISP or hosting provider who has control of the hosting and can take the phishing pages down, and the domain name itself must be suspended by the domain registrar or registry,” the report noted. Source:

58. May 12, Mashable – (International) Facebook attracts more phishing attacks than Google and IRS. New research from Kaspersky Lab shows that the number of phishing attacks on social networks has increased in the first quarter of 2010, especially at Facebook, the fourth most popular online target. The primary target is PayPal, the victim of more than half (52.2 percent) of all phishing attacks. EBay is the second most targeted organization at 13.3 percent, and HSBC rounds out the top three with a 7.8-percent share. The report also revealed that links to phishing sites appear in 0.57 percent of all mail traffic. Facebook’s presence on the top 10 list — it is the target of 5.7 percent of attacks — comes as no surprise given the string of widely publicized phishing attacks in recent months. Most recently, a board member saw his account compromised in a phishing attack that was perpetuated via a misleading Facebook event invitation. What’s even more remarkable, however, is that Facebook is a more popular target than Google and the IRS. Google ranks fifth on the list of organizations, accounting for 3.1 percent of the phishing pie, while the IRS attracts 2.2 percent of attacks. Source:

Communications Sector

59. May 12, The New New Internet – (National) Telecom DoS hides cyber crime. The recent spike in unsolicited and mysterious telephone calls may be part of a new scheme to use telecommunications distributed denial of service (DDoS) attacks to distract individuals from ongoing cyber crime, the FBI warned recently. According to the FBI, cyber criminals are using telephone calls to mobile and land lines to distract victims from the attempts by criminals to empty their bank and trading accounts. The attacks, known as telephony denial-of–service (TDOS), have surged in recent weeks, according to telecom companies working with the FBI. Using automated systems, cyber crooks place calls to prospective victims, and while the victim is distracted by the call, the criminals transfer funds from the victim’s bank or trading accounts. As a result, financial institutions that detect the fraud are unable to get in touch with the victim until it is too late. “Following that first incident in November 2009, we have recently seen an increase in this activity targeting our customers across the country,” said the associate director of global fraud management for AT&T. Source: