Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, July 13, 2010

Complete DHS Daily Report for July 13, 2010

Daily Report

Top Stories

• Residents displaced by a chemical leak in Farmington, New Mexico, can seek shelter at Bluffview Elementary School, KRQE 13 in Albuquerque reports. The battalion chief with the Farmington Fire Department said there may be as many as 100 people who can still not return to their homes after 1,500 to 2,000 gallons of hydrochloric acid leaked from a holding tank at the Schlumberger plant the evening of July 11. (See item 7)

7. July 12, KRQE 13 Albuquerque – (New Mexico) Chemical leak at Farmington plant. Residents displaced by a chemical leak in Farmington, New Mexico, can seek shelter at Bluffview Elementary School. The battalion chief with the Farmington Fire Department said there may be as many as 100 people who can still not return to their homes after 1,500 to 2,000 gallons of hydrochloric acid leaked from a holding tank at the Schlumberger plant the evening of July 11. The fire department had hoped to lift all shelter in place orders by midnight, but the battalion chief said the cleanup is going to take longer than expected. Just before 6 p.m. Sunday, two workers at the Schlumberger plant noticed the chemical was leaking out of its holding tank and into a containment pit. The Farmington Fire Department’s haz-mat crew was called in to assess the situation. They went in to try and pump the leaking acid into a tank to haul it away, but the chief said when they got in there it was discovered the pumps and hoses were not working properly. Source: http://www.krqe.com/dpp/news/chemical-leak-at-farmington-plant

• According to The Associated Press, a gunman opened fire at an Albuquerque fiber-optics manufacturer July 12, killing six people and wounding four others before killing himself in what police said was a domestic violence dispute. The shooting at Emcore Corp. appeared to involve the gunman’s ex-wife or girlfriend, who was among the dead, the police chief said. (See item 16)

16. July 12, Associated Press – (New Mexico) Police: 6 dead, 4 wounded in Albuquerque shooting. A gunman opened fire at an Albuquerque fiber optics manufacturer July 12, killing six people and wounding four others before killing himself in what police said was a domestic violence dispute. The shooting at Emcore Corp. appeared to involve the gunman’s ex-wife or girlfriend, who was among the dead, the police chief said. The gunman was a former employee. Chaos unfolded as the gunman opened fire, sending employees fleeing for cover as police locked down the entire neighborhood. Police said 85 employees were later taken to a community center for interviews with detectives. Six victims were taken to University of New Mexico Hospital. Emcore manufactures components that allow voice, video and data transmission over fiber optic lines. They also manufacture solar power systems for satellite and ground-based systems. Based in Albuquerque, the company has about 700 full-time employees. Source: http://www.google.com/hostednews/ap/article/ALeqM5gGyymIn9tYQq6i5YEfDoNvuRRnfQD9GTLNQ00

Details

Banking and Finance Sector

22. July 11, Network World – (International) Newest attack on your credit card: ATM shims. Shimming is the newest con designed to skim a person’s credit card number, PIN and other info when one swipes a card through a reader like an ATM machine. The shim is the latest attack being used by criminals to steal info at the ATM or other Pin Entry Device. According to Diebold, “The criminal act of card skimming results in the loss of billions of dollars annually for financial institutions and card holders. Card skimming threatens consumer confidence not only in the ATM channel, but in the financial institutions that own compromised ATMs as well.” Shimming works by compromising a perfectly legitimate card reader (like an ATM) by inserting a very thin flexible circuit board through the card slot that will stick to the internal contacts that read card data. The shim is inserted using a “carrier card” that holds the shim, inserts it into the card slot and locks it into place on the internal reader contacts. The carrier card is then removed. Once inserted, the shim is not visible from the outside of the machine. The shim then performs a man-in-the-middle attack between an inserted credit card and the circuit board of the ATM machine. Source: http://www.networkworld.com/community/node/63544


23. July 10, Bank Info Security – (National) Four banks closed on July 9. Federal and state banking regulators closed four banks July 9, raising the number of failed institutions to 100 so far in 2010. Bay National Bank, Baltimore, Maryland, was closed by the Office of the Comptroller of the Currency (OCC), which appointed the Federal Deposit Insurance Corp. (FDIC) as receiver. The FDIC entered into a purchase and assumption agreement with Bay Bank, FSB, Lutherville, Maryland, to assume all deposits of Bay National Bank. The FDIC estimates the cost to the Deposit Insurance Fund (DIF) will be $17.4 million. The FDIC has approved the payout of the insured deposits of Ideal Federal Savings Bank. The bank was closed by the Office of Thrift Supervision, which appointed the FDIC as receiver. The FDIC estimates the cost to the DIF will be $2.1million. USA Bank, Port Chester, New York, was closed by the New York State Banking Department, which appointed the FDIC as receiver. The FDIC entered into a purchase and assumption agreement with New Century Bank (doing business as Customer’s 1st Bank), Phoenixville, Pennsylvania, to assume all of the deposits of USA Bank. The FDIC estimates the cost to the DIF will be $61.7 million. Home National Bank, Blackwell, Oklahoma, was closed by the OCC, which appointed the FDIC as receiver. The FDIC entered into a purchase and assumption agreement with RCB Bank, Claremore, Okla., to assume all of the deposits of Home National Bank. In a separate transaction with the FDIC, Enterprise Bank & Trust, Clayton, Mo., agreed to purchase approximately $260.8 million of Home National Bank’s assets. The FDIC will retain the remaining assets for later disposition. The FDIC estimates the cost to the DIF will be $78.7 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=2737


24. July 9, The H Security – (International) Visa recommends weighing card readers to detect tampering. According to reports, Visa has revoked security approval for two Ingenico card readers (3070MP01 and i3070EP01), apparently in response to successful modification by skimmers. By introducing additional electronic components, the skimmers were able to store and later retrieve credit card details and PIN numbers. The compromised PIN entry devices (PEDs) are reported to be old models primarily used in the United states. Visa has also published a list of other PEDs which do not meet the PCI standard and are frequent targets of skimming attacks. Although this type of attack is not a new phenomenon, Visa’s response is, according to industry experts, surprising. The report states that this is the first time a specific vendor has been named and the first time Visa has admitted that a PCI-compliant retailer has fallen victim to an attack. The specifications contained in the Payment Card Industry Data Security Standard (PCI DSS) are intended to prevent attacks on computers and credit card systems. Although the number of compromised PEDs appears to be on the rise, an internal Visa memo states that approval of the devices was revoked as a purely precautionary measure. Source: http://www.h-online.com/security/news/item/Visa-recommends-weighing-card-readers-to-detect-tampering-1035293.html


25. July 9, New Orleans Times-Picayune – (Louisiana) Telephone debit card scam rampant in St. Charles Parish. The sheriff of St. Charles Parish, Louisiana warned residents July 9 about a telephone scam asking people for their debit card numbers. Residents throughout the parish have reported receiving automated telephone calls, purportedly from the First National Bank of St. Charles that show a local number on caller ID. The recorded message advises that the resident’s debit card has been canceled and asks the resident to punch in his or her debit card number to have it reinstated. Armed with such information, thieves have been able to steal money. The sheriff said the calls are originating from a Web-based system and are virtually untraceable. He has verified that several residents have become victims of the scam. A flurry of calls disrupted the switchboard at St. Charles Parish Hospital July 6. Source: http://www.nola.com/crime/index.ssf/2010/07/telephone_debit_card_scam_ramp.html


26. July 9, Annapolis Capital – (Maryland) Police uncover fake credit card operation. Anne Arundel County, Maryland police on foot patrol recently discovered a phony credit-card operation while investigating an illegally parked sports car outside a convenience store in Annapolis. Three Brooklyn, New York men were arrested at the scene and charged with creating more than 70 faux cards. Detectives now are piecing together how the fake plastic was made and whether identities were stolen in the process, said a county police spokesman. Police searched a vehicle that was parked in a no parking zone, finding a digital scale with suspected marijuana residue inside the glove box. The officers also found a black Nike shoe box in the trunk with 33 credit cards inside. Several of the credit cards did not have holograms or security codes and appeared to be forged, police said. Source: http://www.hometownannapolis.com/news/top/2010/07/09-18/Police-uncover-fake-credit-card-operation.html


Information Technology


52. July 12, The New New Internet – (International) Spammers made June ‘Month of Malware’. The loss of several zombie networks due to legal actions caused spammers to up their criminal activities to make up for lost revenue, making June the month of malware, according to Symantec’s State of Spam & Phishing Report of June. In 2010, malware levels never rose above 3 percent of all spam, even on days when malware spam increased. In June, however, malware spam made up almost 12 percent of all spam on the 13th, and topped 5 percent on the 3rd and 15th. Phishing Web sites created by automated toolkits increased about 123 percent from May. The number of non-English phishing sites also grew by 15 percent. Among non-English phishing sites, French and Italian continued to be higher in June. Phishing in French increased by one-fourth, mainly in the E-commerce sector. Source: http://www.thenewnewinternet.com/2010/07/12/spammers-made-june-month-of-malware/


53. July 12, The Register – (International) Apple ranks first in surging security bug count. The number of vulnerabilities in the first half of 2010 was close to the number recorded in the whole of 2009, security-notification firm Secunia reports. Apple ranks first, ahead of runner-up Oracle, and Microsoft in the number of security bugs found in all products. During the first six months of 2010, Secunia logged 380 vulnerabilities within the top-50 most prevalent packages on typical end-user PCs, or 89 percent of the figure for the entire year of 2009. Secunia believes the security threat landscape is shifting from operating system vulnerabilities to bugs in third-party applications. Secunia reckons a typical end-user PC with 50 programs installed will be faced with 3.5 times more security bugs in the 24 third-party programs running on their systems, than in the 26 Microsoft programs installed. Secunia expects this ratio to increase to 4.4 in 2010. Patching to defend against these vulnerabilities is further complicated by the 13 different software-update mechanisms running on each PC. Source: http://www.theregister.co.uk/2010/07/12/secunia_threat_report/


54. July 9, eWeek – (National) Stealthy, sophisticated technology threats are rampant. An overwhelming majority of companies have seen advanced security attacks on infrastructure, customer databases and internal systems by sophisticated malware, according to a report by the Ponemon Institute, an independent research and consulting firm dedicated to information management and privacy. The study, co-sponsored by the network-security vendor NetWitness, found 83 percent of 591 executives reported their companies have been targeted by advanced, stealthy attacks with more than 40 percent claiming they are targeted frequently. Other significant data from the study showed the that detecting threats was a time-consuming and accidental process rather than the result of proactive, information-technology management practices. Forty-six percent of companies took a month or longer to detect advanced threats; 45 percent discovered threats accidentally. Just over one-third (32 percent) believe they have adequate security technologies currently in place, with 26 percent reporting they have adequate security professionals working in their departments. Source: http://www.eweek.com/c/a/IT-Management/Stealthy-Sophisticated-Technology-Threats-Are-Rampant-898918/


55. July 8, Nextgov – (National) Official calls securing critical infrastructure against cyberattack impractical. Securing the nation’s power grid and other computer systems that operate the nation’s critical infrastructure against cyberattack is unrealistic, because companies cannot afford to check if suppliers have provided trustworthy products, an intelligence official from the Energy Department (DOE) said July 8. “If you give me influence or control of your hardware or software supply chain, I control your systems,” said the DOE’s director of intelligence and counterintelligence. “We’re going to have to develop strategies [for managing the supply chain] that are consistent with [the assets] that we’re trying to protect.” Systems that pose a national threat if compromised, including military command-and-control systems and networks-managing weapons, must be built using equipment from trusted companies, he added. He noted that the hardware and software must be checked for security vulnerabilities and possible malicious code that could cause problems. To vet the products would cost more than what private sector organizations likely can afford. The director of intelligence suggested government and companies diversify the pool of suppliers that provide the computer hardware and software that help operate the critical infrastructure. Source: http://www.nextgov.com/nextgov/ng_20100708_3510.php


Communications Sector

56. July 12, Reading Eagle – (Pennsylvania) Verizon crews work to restore service in Sinking Spring area. Verizon crews worked throughout the weekend to try to restore service to a few dozen customers in the Sinking Spring, Pennsylvania area who experienced phone or Internet disruptions since July 8, a company spokesman said. The disruptions occurred after a UGI Utilities crew, boring to test for natural gas leaks, struck an underground cable near Routes 422 and 724. All service should be restored by July 12, officials said. The temporary repairs will be followed by replacement of the underground cables disrupted by the utility crew. Anyone still experiencing service problems should find a working phone and call 800-VERIZON to report the issue. Source: http://readingeagle.com/article.aspx?id=233853

57. July 9, Cary News – (North Carolina) Cut line leaves about 10,000 without cable. About 10,000 cable customers in Cary and Morrisville, North Carolina lost cable, Internet and phone service for six hours July 8 after a fiber optic line was cut by a road crew. The line was cut about 10 a.m. by a crew working on a traffic signal at the intersection of Davis and Cornerstone drives. A Time Warner Cable spokesman said he did not know who was conducting the work but added that it was not a Time Warner crew. The cut line also interrupted service from three, different cell-phone towers. Service was restored at 4:10 p.m. July 8. Source: http://www.carynews.com/2010/07/11/19076/cut-line-leaves-about-10000-without.html

58. July 9, LEX 18 Lexington – (National) AT&T experiencing cell phone outages in four states. AT&T said July 9 they were experiencing cell phone outages in parts of Kentucky, Tennessee, Georgia and Pennsylvania. The company stressed that the outages are isolated to some areas, and are not affecting entire states. The source of the problem has not been identified, but AT&T said technicians are working on resolving the issue. To reach AT&T about the outages, call (800) 331-0500, and dial “0” for the operator. Source: http://www.lex18.com/news/atandt-experiencing-cell-phone-outages-in-four-states