Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, June 24, 2010

Complete DHS Daily Report for June 24, 2010

Daily Report

Top Stories

• According to the Woodland Park Herald News, a South Kearny, New Jersey chemical facility has failed to reduce the risk of a catastrophic accident or terrorist attack on the plant, and has grossly underestimated to the government the “worst case scenario” in such an event, environmental activist organization Greenpeace said. (See item 5)

5. June 23, Woodland Park Herald News – (New Jersey) New Jersey chemical plant needs better protection, Greenpeace says. A South Kearny, New Jersey, chemical facility has failed to reduce the risk of a catastrophic accident or terrorist attack on the plant, and has grossly underestimated to the government what the “worst case scenario” would be in such an event, environmental activist organization Greenpeace said. Greenpeace sent a letter to the U.S. Department of Homeland Security and to the company, Kuehne Chemical Co., complaining about lax security after conducting its own “citizen’s inspection” of the facility, which is bordered by the Hackensack River and extends under the Pulaski Skyway. Greenpeace was able to move freely around the perimeter of the plant in daylight without interruption or contact with any plant security or other security personnel.” Greenpeace was able to take pictures of the plant from Greenpeace boats on the Hackensack, from above the plant on the Pulaski Skyway, and in front of the plant’s main gate. In a “worst case” disaster scenario that it was required to report to the federal Environmental Protection Agency, Greenpeace estimated that the catastrophic release of one 90-ton rail car of chlorine gas would put 12 million people at risk within a 14-mile radius of the plant in the New York-New Jersey region. The Greenpeace photos indicated the presence of more than one rail car labeled with chlorine, and the company has reported on-site storage of 2 million pounds of chlorine gas. The president and chief executive officer of Kuehne, was unavailable to comment. The chemical company was cited in 2008 for 31 safety violations and fined nearly $50,000 by the federal government for mishandling chlorine. Source:

• Central Indiana residents fled flooded neighborhoods Tuesday, including in Avon west of Indianapolis after two days of strong thunderstorms caused a retention lake to overflow an earthen dam threatening 32 homes and 16 trailers, the Associated Press reports. Residents in other parts of Indiana and Midwestern states had to deal with flooding and tornadoes brought on by several days of storms. (See item 51)

51. June 22, Associated Press – (National) Storms pelt Midwest, cause flooding in Indiana. Central Indiana residents fled flooded neighborhoods Tuesday, including in Avon west of Indianapolis after two days of strong thunderstorms caused a retention lake to overflow an earthen dam threatening 32 homes and 16 trailers. Residents in other parts of Indiana and Midwestern states had to deal with flooding and tornadoes brought on by several days of storms. The storms that pelted the Midwest weakened as they moved east Tuesday, but the National Weather Service said another wave was moving into Iowa, Illinois, and Indiana. In Edna Mills, about 10 miles east of Lafayette, Ind., officials called for a voluntary evacuation as a small creek rushed over its banks, surrounding about three dozen homes and covering roads. School buses and boats were brought in to help residents who wanted to leave. Further south, water from a retention lake overflowed the Indian Head Lake Dam and forced crews to evacuate nearly 50 residences. Witnesses in central Illinois reported tornadoes near the Indiana border, while flash floods covered roads in Pana, Fulton and Vermilion County. Tornadoes were spotted near Hoopeston and Rossville, and the American Red Cross said 26 families were forced out of their apartments after strong winds blew the roofs off several buildings in Beardstown. The Indianapolis Department of Public Works was offering sandbags to residents. Source:


Banking and Finance Sector

13. June 22, KIRO 7 Seattle – (Washington) Scam ‘Bank’ calls resurface in Thurston County. Police in Thurston County, Washington said they are again receiving reports about automated “bank” calls on cell phones after a rash of similar calls subsided several months ago. The sheriff’s department said bank cardholders are receiving pre-recorded messages on their cell phones stating the call is from the cardholder’s bank. Police said currently, the messages say they are from Evergreen Direct Credit Union and Our Community Credit Union and state that “their debit card has been deactivated due to a billing error.” The message then prompts cardholders to enter their 16-digit, debit-card number and PIN. After the information is entered, the message says the account has been activated. As a result, the cardholder’s account is accessed through ATM activity, by the callers who are based in Spain. The sheriff’s department said banks do not call and ask customers account information, and even if a local phone number appears on caller ID, the call could originate anywhere in the world. Source:

Information Technology

34. June 23, – (International) World Cup continues to drive spam. The World Cup is continuing to play a major role in global spam loads, according to Symantec. The company said in its monthly MessageLabs Intelligence report that throughout the month, the football tournament had been popular not only for pushing spam related to the event, but also for getting unrelated spam messages through filters. Researchers have for weeks been warning that the event would be a popular lure for scams and malware attacks as cybercriminals look to cash in on interest over the tournament. According to Symantec, the World Cup is not only popular for scams, but is also useful for tempting users to open other types of spam as well. The company said that subject lines relating to the World Cup were amongst the most popular for pharmaceutical spam messages. Additionally, World Cup text was being used by spammers to avoid spam filters. The scammers do this by placing lines of text related to the tournaments within the body of a message to confuse signature-based filters that check for message content. Source:

35. June 22, Federal Computer Week – (National) White House plans strategy for better cyber authentication. The U.S. President’s administration plans to release late this week a draft of a new national strategy for improving capabilities to identify and authenticate people, organizations and infrastructure in cyberspace, the White House’s top cyber official said June 22. The National Strategy for Trusted Identities in Cyberspace document lays out goals and objectives to allow for laws, policies and programs to improve the trustworthiness of digital identities in cyberspace, said the White House’s cyber coordinator. The coordinator said the document, now in its second version, would be released June 25 for public comment. Speaking during at the Symantec Government Symposium held in Washington, the coordinator said that the strategy was called for by the President’s review of cyber policy that was completed last year. The strategy builds on work the government has done in identity management under Homeland Security Presidential Directive-12. He also said it recognizes the need to educate users of computer systems. The strategy cannot exist in isolation and it’s going to take a commitment to security, he added. Source:

36. June 22, Computerworld – (International) Mozilla patches 9 Firefox bugs, adds plug-in crash protection. Mozilla June 22 patched nine vulnerabilities, six of them critical, in Firefox 3.6 and Firefox 3.5. But rather than highlighting the security fixes in Firefox 3.6.4, the company instead emphasized the addition of crash protection, a move meant to keep the browser alive when popular plug-ins drop dead. Updates to Firefox 3.6.4 and Firefox 3.5.10 fixed nine flaws for each version, although the total patch count came to 10 because two fixes affected only one of the pair. Six of the nine vulnerabilities for each browser were rated “critical,” Mozilla’s highest threat ranking, indicating that hackers could use them to compromise a system running Firefox, then plant other malware on the machine. Two were labeled “moderate,” the second-lowest rating, while one was tagged as “low.” Source:

37. June 22, Computerworld – (International) Apple leaves iPad vulnerable after monster iPhone patch job. As part of the June 21 iOS 4 upgrade, Apple patched a record 65 vulnerabilities in the iPhone, more than half of them critical. Apple released iOS 4 for the iPhone 3G and 3GS, and the second- and third-generation iPod Touch. However, the first-generation iPhone and iPod Touch, as well as the much newer iPad, may be vulnerable to some or all of the 65 bugs. The new iOS 4 operating system, which launched June 21, can’t be installed on 2007’s iPhone and iPod Touch, and the upgrade is not slated to reach iPad owners until this fall. The bug count is a record for Apple’s iPhone, surpassing the previous high mark of 46 vulnerabilities patched last summer with iPhone OS 3.0. Formerly known as iPhone OS 4, iOS 4 included patches for 35 bugs, or 54 percent of the total, that were tagged with the phrase “arbitrary code execution,” which is Apple’s way of saying the vulnerability is critical and could be used to hijack an iPhone or an iPod Touch. Unlike other software makers, such as Microsoft, Apple does not rank flaws with a threat-scoring system. Most of the patched vulnerabilities were in WebKit, the open-source browser engine that powers Safari on Apple’s mobile devices, as well as Safari for Mac OS X and Windows, and Google’s Chrome browser. Source:

38. June 21, Help Net Security – (International) The truth about social media identity theft. The use of social media can increase consumer vulnerability to identity theft because of the amount and type of personal information people share on these networks. However, consumers do little or nothing to protect themselves, according to a recent study by the Ponemon Institute. Although more than 80 percent of study respondents expressed concern about their security while using social media, more than half of these same individuals admitted they do not take any steps to actively protect themselves. This data clearly demonstrates that while people may acknowledge that security is important, many do nothing to protect their information online. Other key findings from the survey include the following: approximately 65 percent of users do not set high privacy or security settings in their social media sites; more than 90 percent of users do not review a given Web site’s privacy policy before engaging in use; spproximately 40 percent of all respondents share their physical home address through social media applications; and surprisingly, people who have been victims of identity theft are just as likely to be lax in securing their personal information online. Study results from identity-theft victims and non-victims are virtually identical. Source:

Communications Sector

39. June 22, Santa Cruz Sentinel – (California) After fiber-optic sabotage, AT&T builds backup. More than a year after sabotaged fiber-optic cables in South San Jose, California left the county without phone and Internet service, working credit card machines or cash-spitting ATMs, AT&T is building a backup “information highway” over the Santa Cruz Mountains to help prevent a similar outage. The new lines will not be used to enhance local AT&T Internet, television or phone service, he said. Currently, AT&T’s main information cables to Santa Cruz County run from San Jose to Salinas, around the Santa Cruz Mountains and back up the coast, he said. So when a chainsaw-equipped vandal opened a manhole early April 9, 2009, and sliced key fiber-optic lines, he left much of three counties without wireless technology and land-line telephone service until that evening. While the cut cables belonged to AT&T, many were leased to Verizon. As a result, both providers were out of commission. Meanwhile banks closed, coffee shop baristas scribbled credit card numbers to run later and newspaper readers cleaned out racks around town, unable to access the World Wide Web. Law enforcement patrolled cities and the county in force because residents could not call in emergencies. Source:

40. June 22, KVAL 13 Eugene – (Oregon) The secret of the ooze: Who did this? And why. Feynman Group employees are still wondering what suspicious substance was spread around their building on the morning of June 22, which closed the Eugene, Oregon computer-consulting and Web-hosting business for two hours. Investigators and Haz-Mat crews from the Eugene Police Department (EPD) and the Eugene Fire Department collected samples of the noxious yellow liquid and turned them over to Oregon State Police. An EPD spokeswoman did not know when results would be available. One employee was sent to the hospital after being exposed to the substance. A witness noticed the liquid spilling onto the sidewalk from a newspaper delivery box propped near the Feynman Group entrance as he arrived for work. He spotted more yellow liquid spread near the front door and near the door to a computer storage room on the side of the building. Not knowing what he was dealing with, he smelled the liquid and poured the newspaper delivery box out into the parking lot. The liquid smelled like ammonia, then sulfur when it was poured out, he said. It started smoking once poured out. Other than a bad cough that developed after he inhaled the fumes, the man is doing fine. Whatever the substance was, Eugene Police believe it was spread on purpose. Source: