Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, August 3, 2010

Complete DHS Daily Report for August 3, 2010

Daily Report

Top Stories

• The Washington Post reports that authorities are warning Fairfax County, Virginia residents to beware of homemade chemical bombs placed in mailboxes and on front yards of residential areas. At least eight of the bombs have been found in residential areas of Reston and West Springfield since May. (See item 24)

24. August 1, Washington Post – (Virginia) Homemade chemical bombs found in Fairfax County mailboxes. Authorities are warning Fairfax County, Virginia residents to beware of homemade chemical bombs placed in mailboxes and on front yards of residential areas. At least eight of the bombs have been found in residential areas of Reston and West Springfield since May, according to the Fairfax County Fire Department. No one has been injured by the bombs, which are made of over-the-counter chemicals, such as Drano and baking soda. Residents have discovered flaming water bottles upon opening their mailboxes. In June, one resident began removing what appeared to be trash from her mailbox in Great Falls. Smoke started barreling out of a plastic water bottle as soon as she touched it. “The bottle had already exploded, but some of the chemicals burned my finger,” the resident said. “My middle finger turned black and swelled to twice its size.” Officials from the fire department arrived soon after, asking the resident who might have done it. “There’s no one who has a vendetta against us,” said the resident, a middle school teacher. “It’s probably kids who have money and wheels and thought this would be a funny joke.” Some bombs have contained shredded aluminum. “People think that it’s trash, but if they pick it up, the bomb could blow their hand off way too easily,” said the head of a community organization called myNeighborsNetwork. The community activist, along with many other residents, suspects local teenagers are responsible. Hundreds of videos on YouTube explain how to produce similar bombs, she said. Source:

• A sewage plant employee became faint and died while working in a 30-foot hole in Sewickley, Pennsylvania, and three other people who tried to rescue him were overcome by an unknown gas and had to be hospitalized, officials said, according to the Associated Press. (See item 30)

30. July 30, Associated Press – (Pennsylvania) 1 dead, 3 sickened at Pa. water treatment plant. A sewage plant employee became faint and died while working in a 30-foot hole in Sewickley, Pennsylvania, and three other people who tried to rescue him were overcome by an unknown gas and had to be hospitalized, officials said. The deceased was working in the hole and fell back into it as he was trying to climb out shortly before 1 p.m. July 29. He radioed for help after becoming faint, said a forensic supervisor with the Allegheny County Medical Examiner’s office. The plant’s supervisor, an inspector for the borough’s engineering firm, and a construction worker for a contractor climbed into the hole to help him. All three were overcome by fumes. They were taken to Allegheny General Hospital in Pittsburgh. The burough manager said he was told the injured men would be kept overnight for observation, but they were expected to recover. It is unclear what the fumes were or where they originated from, but the manager said emergency workers did detect a small amount of methane gas when they arrived. The plant, owned by the borough, is still in operation. Construction will continue Aug. 2 on the $5 million upgrade that the deceased was working on. Source:


Banking and Finance Sector

11. August 2, – (Ohio) Police: Man threatens to blow up bank. Columbus, Ohio police are searching for a man who robbed a Grandview Heights-area bank by threatening to blow up the building, according to reports. According to a press release from a FBI special agent, the suspect was wearing a light-colored fishing hat and dark sunglasses when he entered the Cooper State Bank at 1669 W. Fifth Ave. at 1:35 p.m. July 29. He was carrying a red bookbag on his back and handed a teller a note indicating he had planted bombs outside the bank and would detonate the bombs if the teller didn’t give him money, police said. The special agent said the teller complied and gave the robber money from a drawer. The robber took the money, placed it into his bag and fled the bank. The area was checked by officers but no bombs were located, police said. Source:

12. August 2, Associated Press – (Missouri) Masked robbers steal millions in St. Louis heist. Four armed bandits clad from head to toe in black overpowered two workers at an ATM-servicing business in St. Louis, August 2, then used an armored vehicle to haul away possibly millions of dollars in a well-orchestrated heist. Neither of the employees at the ATM Solutions Inc. holdup in the theater district was harmed by the masked suspects, a St. Louis police captain said. The robbers subdued the workers with duct tape and locked them inside the vault after the raid, he said. Some media outlets reported that the robbers made off with $4 to $5 million. The captain said he had no immediate details of how much was taken. Authorities found the armored vehicle — a specially modified van — about 90 minutes later less than two miles away. The FBI was assisting in the investigation, an agency spokeswoman said, declining additional comment beyond what police released. Source:

13. August 2, Krebs on Security – (Texas) Texas firm blames bank for $50,000 cyber heist. A business telephone equipment company in Texas is trying to force its bank into a settlement over an attack by organized cyber thieves last year that cost the company $50,000. Attorneys for Dallas-based Hi-Line Supply Inc. recently convinced a state court to require depositions from officials at Community Bank, Inc. of Rockwall, Texas. Hi-Line requested the sworn statements to learn more about what the bank knew in the days and hours surrounding August 20, 2009, when crooks broke into the company’s online bank accounts and transferred roughly $50,000 to four individuals across the country who had no prior business with Hi-Line. While the contents of that deposition remain closed under a confidentiality order, Hi-Line’s lawyers said the information gleaned in the interviews shows serious security missteps by Community Bank, and that they are ready to sue if the bank does not offer some kind of settlement. “In the event Community Bank refuses to resolve this matter, now that we have uncovered some of the information obtained by virtue of the court’s order, Hi-Line intends to assert claims for misrepresentation, violations of the Texas Deceptive Trade Practices Act, Fraud, and breach of warranties, among other things,” said a partner with the Dallas law firm Deans Lyons. The president of Hi-Line said the fraud began about the same time the company processes its normal $25,000 payroll. After Hi-Line submitted that batch of payments to its bank, the unknown intruders attempted two more transfers of nearly identical amounts August 21 and August 24. Source:

14. August 2, Bank Info Security – (National) 2 arrested in ‘massive scheme’. The Wakulla County, Florida Sheriff’s Office has arrested two men for involvement in what’s described as “a massive scheme” to defraud thousands of victims across the United States via identity theft. The two suspects are in custody and face multiple charges. The 19-year-old suspect has been charged with 28 counts of fraudulent use of a credit card, criminal use of personal identification, passing counterfeit credit cards and fraud. He is being held on $400,000 bond. The 46-year-old suspect, currently in the custody of the U.S. Secret Service, faces 11 counts of possession of counterfeit credit cards, 11 counts of criminal use of personal information, one count of criminally forged identification, and one count of organized scheme to defraud. Their alleged scheme involved creating counterfeit credit cards with stolen personal information. The suspects are said to have used the stolen information to purchase gift cards and ship the cards (as well as merchandise purchased with the cards) around the world. Police are investigating whether the suspects are part of a larger scheme, as well as whether they are using their true identities, and are in the U.S. legally. Two detectives were tipped off to the scheme when they got a call from a local Wal-Mart store manager in early July. The store manager had been contacted by an Arkansas woman who told him that her credit card had been used fraudulently at his store. Source:

15. August 2, Associated Press – (National) New ID theft targets kids’ SS numbers. The latest form of identity theft does not depend on stealing Social Security numbers. Thieves are now targeting young children’s numbers long before the little ones even have bank accounts. Hundreds of online businesses are using computers to find dormant Social Security numbers — usually those assigned to children who do not use them — then selling those numbers to help people establish phony credit and run up huge debts they will never pay off. Authorities said the scheme could pose a new threat to the nation’s credit system. The sellers get around the law by not referring to Social Security numbers. Instead, they refer to CPNs — for credit profile, credit protection or credit privacy numbers. Source:

16. July 31, Bank Info Security – (National) 5 banks, 2 credit unions fail July 30. Federal and state banking regulators closed five banks and one credit union July 30, and another credit union was placed into conservatorship. The failures raise the total number of failed institutions to 120 in 2010. The National Credit Union Administration (NCUA) was appointed liquidating agent of Norbel Credit Union of Fort Collins, Colorado, by the Colorado Division of Financial Services. Security Service Federal Credit Union of San Antonio purchased and assumed Norbel’s assets, liabilities and members. Norbel had $120 million in total assets. NorthWest Bank and Trust, Acworth, Georgia., was closed by the Georgia Department of Banking and Finance, which appointed the Federal Deposit Insurance Corp. (FDIC) as receiver. The FDIC estimates the cost to the Depositors Insurance Fund (DIF) will be $39.8 million. Coastal Community Bank was closed by the Office of Thrift Supervision (OTC), which appointed the FDIC as receiver. The FDIC entered into purchase and assumption agreements with Centennial Bank, Conway, Arkansas to assume all deposits and assets. The estimated cost to the DIF will be $94.5 million. Bayside Savings Bank was closed by OTS, which appointed the FDIC as receiver. The FDIC entered into purchase and assumption agreements with Centennial Bank of Conway, Arkansas, to assume all the deposits and assets. The estimated cost to the DIF will be $16.2 million. Family First Federal Credit Union of Orem, Utah, was placed into conservatorship by the NCUA, due to declining financial condition. The credit union was not adequately capitalized under standards set forth in the Federal Credit Act, had insufficient earnings and problems with its loan portfolio. Family First has about $139.5 million in total assets. Cowlitz Bank, Longview, Washington, was closed by the Washington Department of Financial Institutions, which appointed the FDIC as receiver. The FDIC entered into a purchase and assumption agreement with Heritage Bank, Olympia, Washington, to assume all deposits. The estimated cost to the DIF will be $68.9 million. LibertyBank, Eugene, Oregon, was closed by the Oregon Division of Finance and Corporate Securities, which appointed the FDIC as receiver. The FDIC entered into a purchase and assumption agreement with Home Federal Bank, Nampa, Idaho, to assume all deposits. The estimated cost to the DIF will be $115.3 million. Source:

17. July 30, Press of Atlantic City – (New Jersey) FBI charges two in. Two New Jersey men are accused of stealing more than $800,000 through fake bank accounts and credit cards and committing some portion of those crimes at their businesses. A 36-year-old suspect of Mays Landing, who owns High Point Cellular in Pleasantville, and a 24-year-old suspect of Egg Harbor Township, who owns Garden State Fuels in the Egg Harbor, were arrested July 30 by FBI agents. The first suspect also was charged with one count of bank fraud for a separate scheme, in which he is accused of stealing $332,000. The two suspects allegedly created a “credit card bust out” scheme starting in April 2009, and opened about 152 fake credit cards, the FBI charged in a criminal complaint. In that scheme, the pair allegedly created fraudulent credit card accounts and increased their limits by making small charges, including at the second suspect’s business. They then paid the balances off through fraudulent bank accounts associated with the cards, the complaint stated. Once the limits on those cards were high enough, the pair transferred money from the cards to the bank accounts and then withdrew the cash, the complaint stated. The fraudulent transfers and charges caused the banks to lose more than $800,000, the complaint stated. Source:

Information Technology

41. August 2, IDG News Service – (International) Hackers release new version of iPhone Jailbreak app. The latest version of software that allows iPhone owners to install applications not approved by Apple has been released days after the practice was declared legal under U.S. copyright law. JailbreakMe 2.0 can be installed by going to its developers’ Web site,, where it is installed via the Safari Web browser. One of its developers, Comex, wrote on Twitter there were initial problems with JailbreakMe and the MMS (Multimedia Messaging Service) and FaceTime video chat functions, but those have been fixed. The practice of jailbreaking was illegal under the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of copy-protection mechanisms. But recently, the Librarian of Congress issued a batch of exemptions, ruling that the installation of legally acquired third-party software for non-infringing reasons on mobile phones doesn’t violate copyright law. Jailbreaking also allows an iPhone to be used on other phone networks. Apple’s exclusive agreement with AT&T to offer the iPhone is being challenged in a class-action suit filed last month in which customers contend the two companies secretly agreed to unfairly “technologically restrict voice and data service” for five years. Source:

42. August 2, SC Magazine – (International) Microsoft to release out-of-band patch for Windows shortcut vulnerability. Microsoft is set to release an out-of-band patch for the Windows shortcut vulnerability August 3. The update will address the vulnerability discussed in Security Advisory 2286198, which is the critical LNK vulnerability that applies to all versions of the Windows operating system, from Windows XP SP3 to Windows 7. A senior security response communications manager at Microsoft said: “We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers. A senior program manager with the Microsoft Malware Protection Center (MMPC), said that it and other Microsoft Active Protection Program partners have been keeping a close watch on the use of .LNK files exploiting this vulnerability. Source:

43. August 2, – (International) Koobface hackers now tracking victims. The hackers behind the infamous Koobface worm, which targets users of social networking sites, have added new code designed to monitor the success of their endeavors, according to security vendor Trend Micro. One of the key elements of the bot is the use of fake YouTube pages designed to lure victims into installing what they believe is a codec needed to play a video. “A few days ago, these pages started to include a short JavaScript code which enables the Koobface gang to directly monitor page hits,” explained a Trend Micro advanced threats researcher. According to the researcher, the hourly tracking helps the gang to “correlate the user activity based on time of day and Koobface infection count.” There have been almost 130,000 hits since tracking started last week, he said. Source:

44. August 1, BBC – (International) Two Gulf states to ban some Blackberry functions. The United Arab Emirates (UAE) will block sending e-mails, accessing the Internet, and delivering Instant Messages to other Blackberry handsets. Saudi Arabia will prevent the use of Blackberry-to-Blackberry Instant Messaging service. Both nations are unhappy they are unable to monitor such communications via the handsets. This is because Blackberries automatically send encrypted data to computer servers outside the two countries. The UAE ban will start in October, while the Saudi move will begin later in August. A board member of state-controlled Saudi Telecom said the decision is intended to put pressure on Blackberry’s Canadian owner, Research in Motion (RIM), to release data from users’ communications “when needed”. The UAE’s telecoms regulator, TRA, said the lack of compliance with local laws raised “judicial, social and national security concerns.” RIM said in a statement that it “does not disclose confidential regulatory discussions that take place with any government.” Source:

45. July 30, DarkReading – (International) One in three top-trending search topics return malicious results, finds Norton study. According to a new Norton study, more than one in three of the top-trending search terms returned at least 10 percent malicious results, putting people’s computers and personal information at risk from cybercrime. It turns out that between February and May, searching for “tropical dreams sweepstakes” could actually have been a nightmare, and searching for “red hot laugh riot” could have been anything but funny. At the peak of their popularity, these two particular search terms returned a staggering 99 malicious links out of the first 100 results. This week, celebrity news, online gaming and diseases were among the most poisoned top-trending topics, with terms such as “constance francesca hilton,” “atomic dove” and “melorheostosis” returning more than 45 percent malicious links out of the first 100 results. The Norton study monitored a major search engine’s top 300 trending search terms and analyzed the top 30,000 search results daily for Search Engine Optimization poisoning over a three-month period, between February and May 2010. The search topics ran the gamut from sporting events to song lyrics to breaking news on criminal cases. Using unethical techniques to “game” search engine algorithms, hackers are poisoning search results, taking advantage of spikes in a topic’s popularity to redirect computer users to misleading applications such as fake antivirus scanners. Some days, more than 250 of the top 300 daily search terms returned more than 10 percent malicious links within the first 100 results. Clicking on these poisoned search results could infect a user’s PC and result in exposing personal information to cybercriminals. Source:

Communications Sector

46. August 1, – (North Carolina) Data network outage reported at MI-Connection. A piece of networking equipment failed early Aug. 1 at the Mooresville, North Carolina-based MI-Connection Communications System, cutting off access to most of the system’s Internet customers in the Lake Norman Area. The outage also affected the company’s customer support phone lines, which were out most of the day. As of 4:30 p.m., engineers had identified the problem and were repairing the equipment. By around 5 p.m., customers were reporting that their connections were working again, and the system was full restored that evening. Engineers blamed the problem on a failed networking switch. A backup system also failed. Some MI-Connection telephone customers also were affected, though cable TV service was not. MI-Connection has about 9,300 Internet customers and about 2,000 local telephone customers in Mooresville, Davidson, Cornelius and surrounding areas. Source: