Department of Homeland Security Daily Open Source Infrastructure Report

Friday, August 13, 2010


Top Stories

• The Brownsville Herald reports that the north side of the Port of Brownsville in Texas was evacuated August 9 as fire crews spent more than an hour battling a fire in two 19-foot fuel storage tanks that contained fatty acid. Authorities implemented a one-mile safety zone, keeping all incoming vessels out in the water until the fire was contained. (See item 9)

9. August 10, Brownsville Herald – (Texas) Port evacuated after fuel tank fire. The north side of the Port of Brownsville in Texas was evacuated August 9 as fire crews spent more than an hour battling a fire in two 19-foot fuel storage tanks that contained fatty acid, the Brownsville fire chief said. The fire began at approximately 11 a.m. at the RTW Terminal, located off Chemical Road. RTW Terminals is a liquid bulk storage facility. More than 100 employees from various companies were evacuated as a safety precaution while port police, firefighters and U.S. Coast Guard responded to the fire. Authorities implemented a one-mile safety zone, keeping all incoming vessels out in the water until the fire was contained. One heavy rescue unit and over half a dozen fire engines were called to the scene in order to put out the fire. According to a press release from the U.S. Coast Guard, the fire began when a pump motor caught fire and melted the cargo tanks containing the fatty acid. Approximately 42,000 gallons of the oil leaked from the tankers but was contained by a berm. The spill was contained onshore, the release stated. Once fire crews determined the area was safe, the port was reopened. No injuries were reported. The causes and effects of the fire remain under investigation. Source: http://www.brownsvilleherald.com/news/fire-115268-port-contained.html

• According to the Des Moines Register, the worst flooding in Ames, Iowa history August 11 forced hundreds from their homes and shut down the city’s supply of safe drinking water. The city’s water director said the water treatment and distribution system may not be back in service until August 17. (See item 31)

31. August 12, Des Moines Register – (Iowa) Part of I-35 open again as water recedes; Ames may lack water for a week. The worst flooding in Ames, Iowa history August 11 forced hundreds from their homes and shut down the city’s supply of safe drinking water. The flooding followed three days of heavy rains that overwhelmed the Skunk River and Squaw Creek and sent water raging over their banks. On August 11, the city was forced to shut down its water system because of possible contamination after a large water main broke, draining a city water tower. City officials warned residents and businesses that still had service to not drink the water and also to avoid using it for cleaning, flushing and nearly all other household purposes. Restaurants were asked to close voluntarily or use bottled water for cooking and cleaning. The city’s water director said the water treatment and distribution system may not be back in service until August 17. Source: http://www.desmoinesregister.com/article/20100812/NEWS/8120359/-1/ENT05/Flood-recedes-but-Ames-may-be-without-water-for-a-week

Details

Banking and Finance Sector

14. August 12, Watertown Daily Times – (New York) Potsdam bomb call shuts two bank sites. A bomb threat August 11 closed for several hours the Community Bank branches on Market Street and the drive-through on May Road in Potsdam, New York. The police chief said a man called the police station at 10:02 a.m. reporting the bomb threat. The call, which came up as a restricted number, lasted 21 seconds. “The man stated there’s a bomb in one of our banks,” the police chief said. “We asked him which one, and he clarified ‘one of your Community Banks.’” The Market Street parking lot surrounding the bank was closed and a police car sat near the bank’s main entrance for several hours. An officer sitting in the police car was informing people of the emergency closing. Bank employees had evacuated the building, but the lights remained on inside. Employees at the Potsdam Insurance Agency and St. Lawrence County Probation Department office, in the same plaza at 70 Market St., also were evacuated. A state police K-9 unit searched each location and found no device. The Market Street location was reopened shortly before 2 p.m. Source: http://www.watertowndailytimes.com/article/20100812/NEWS05/308129974


15. August 12, BankInfoSecurity.com – (International) PCI Updates Unveiled. The long-anticipated new version of the Payment Card Industry Data Security Standard includes no new requirements — just clarifications and new guidance on existing components. This is the headline news from the PCI Security Standards Council, which has just released a summary of the expected changes to PCI DSS and the Payment Application Data Security Standard. A more detailed summary of the proposed versions 2.0 of PCI DSS and PA DSS will be released in September, prior to the council’s community meetings. The final version of the amended standards is expected to be released on October 28, then go into effect on January 11, 2011. Source: http://www.bankinfosecurity.com/articles.php?art_id=2838


16. August 11, AC-360/CNN – (National) FBI: ‘Grandad Bandit’ caught. A suspected serial bank robber dubbed the “granddad bandit” was arrested August 11 in Baton Rouge, Louisiana, authorities said. An FBI Special Agent told CNN the suspect, 53, was captured in the afternoon at his home. The FBI went to the residence to execute an arrest warrant when he retreated into the house. After 6 hours he came out and was placed under arrest. The suspect has been charged with one count of bank robbery and is being held pending an identity, detention and removal hearing. The “granddad bandit” was wanted for at least 25 bank heists in 13 states since 2008. He was given the name because he appeared elderly. In recent weeks, the FBI launched a billboard campaign featuring surveillance pictures of the granddad bandit in the hopes that he would be identified. Source: http://ac360.blogs.cnn.com/2010/08/11/fbi-grandad-bandit-caught/


17. August 11, Sun-Times Media Wire – (Illinois) Joliet bank robber claimed to have bomb. A man claiming to have a bomb robbed a bank in southwest suburban Joliet on the morning of August 11. The deputy police chief said it was just before 10 a.m. when the bandit walked into First Community Bank, 2801 Black Road, and approached a teller. “He gave the teller a note that said he had a bomb and demanded cash,” the deputy police chief said. “He then took the money and note and fled on foot.” No one was injured. Source: http://www.myfoxchicago.com/dpp/news/metro/joliet-bank-robber-claimed-to-have-bomb-20100811


18. August 1, United Press International – (International) ‘Most Wanted’ cyber bandit nabbed in Nice. One of the world’s most notorious cyber-criminals has been arrested at an airport in France, authorities say. The 27-year-old suspect was arrested at the Nice airport while waiting for a flight to Moscow where he lives, the Washington Post reported Thursday. The suspect was listed as one of the five most-wanted cyber-criminals in the world and founder of the world’s most sophisticated Internet sites devoted to selling stolen credit card information, said an indictment unsealed Wednesday by the U.S. Secret Service and Justice Department. The suspect, known as “BadB” in the Internet world, is part of a “network that has been repeatedly linked to nearly every major intrusion of financial information reported,” the Secret Service’s assistant director for investigations said. The suspect was being held in France awaiting extradition, the paper reported. Source: http://www.upi.com/Top_News/US/2010/08/12/Most-Wanted-cyber-bandit-nabbed-in-Nice/UPI-69431281614946/


Information Technology


48. August 12, BBC – (International) Apple issues fixes for ‘drive-by’ attacks. Apple has fixed a security hole used to get around restrictions on what applications can run on iPhones, iPads, and the iPod Touch. The popular JailbreakMe application used the vulnerability to unlock these devices and run non-approved apps. The bug stemmed from the way Apple’s mobile Safari browser handled PDF document files. But security experts warned that it also left users vulnerable to potential attack via booby-trapped websites. The risk to owners was theoretical as no criminals were thought to have exploited it. However it was widely used to run applications, utilities and other add-ons that were not approved by Apple. The company keeps tight control on the apps available via its store and many people turn to alternatives, such as Cydia, for unofficial apps. The loophole was first used for the widely-known JailbreakMe program that let owners visit a specially crafted webpage to trigger the unlocking process. Source: http://www.bbc.co.uk/news/technology-10950967


49. August 12, Computerworld – (International) ‘Dangerous’ iPhone exploit code goes public. Minutes after Apple issued a security update August 11, the maker of a 10-day-old jailbreak exploit released code that others could put to use hijacking iPhones, iPod Touches and iPads. “Comex,” the developer of JailbreakMe 2.0, posted source code for the hacks that leverage two vulnerabilities in iOS and allow iPhone owners to install unauthorized apps. Apple patched the bugs earlier August 11. The exploits that comex used to jailbreak the iOS could be used for other purposes, including delivering malicious payloads to grab control of iPhones, iPads and iPod Touches. All that would be necessary is for hackers to dupe users into visiting a malicious Web site or persuading them to click on a link in an e-mail or text message. “Impressive. And dangerous,” is how the chief research officer at antivirus company F-Secure described the exploit code on Twitter early August 12. It may not be long before comex’s work is turned into a weapon for attacks that gain “root” access, or complete control, of iPhones and iPads. Source: http://www.computerworld.com/s/article/9180601/_Dangerous_iPhone_exploit_code_goes_public


50. August 11, The Register – (International) Facebook bug spills name and pic for all 500 million users. A bug in Facebook’s login system allows attackers to match unknown email addresses with users’ first and last names, even when they’ve configured their accounts to make that information private. The information leak can be exploited by social-engineering scammers, phishers, or anyone who has ever been curious about the person behind an anonymous email message. If the address belongs to any one of the 500 million active users on Facebook, the social-networking site will return the full name and picture associated with the account. “Facebook users have no control over this, as this works even when you have set all privacy settings properly,” a researcher of Secfence Technologies wrote August 11 on the Full-disclosure security listserve. “Harvesting this data is very easy, as it can be easily bypassed by using a bunch of proxies,” he said. Exploiting the vulnerability is as easy as entering the email address into the Facebook sign-on page, typing a random password and hitting enter. To streamline the attack, the researcher has written a PHP script that works with large lists of email addresses. At 8 pm August 11 Pacific Time, the exploit no longer worked. Source: http://www.theregister.co.uk/2010/08/11/facebook_name_extraction_bug/


51. August 11, SC Magazine – (International) 80 million websites could be compromised due to a flaw in Adobe ColdFusion. As many as 80 million websites could easily be compromised due to a flaw in Adobe’s ColdFusion programming language. Users of Adobe’s ColdFusion programming language are at risk of losing control of their applications and websites, according to penetration testing company ProCheckUp. It said that it was able to access every file from a server running ColdFusion and harvest usernames and passwords. It said that this was completed through a directory traversal and file retrieval flaw found within ColdFusion administrator. A competent attacker would be able to steal files from the server and gain access to secure areas and eventually modify content or shut down the website or application, according to the company. The co-founder of ProCheckUp claimed that a standard web browser was used to carry out the attack and knowledge of the admin password is not needed. Source: http://www.scmagazineuk.com/80-million-websites-could-be-compromised-due-to-a-flaw-in-adobe-coldfusion/article/176750/


Communications Sector

52. August 12, WEAU 13 Eau Claire – (Wisconsin) Fire crews respond to transmitter building fire. Fire crews responded late August 11 to a fire at the WJMC radio transmitter building in the town of Oak Grove, Wisconsin. The Rice Lake Fire Department says they were called around 8 p.m. about a structure fire by a radio tower at 2874 20th St. They say the building was fully involved and had a partial roof collapse and a generator was on fire near the building. Firefighters put out the fire by about 8:30 p.m. They say the fire appears to have started in the generator and then spread to the roof. They say the property is owned by the Koser radio network. No one was hurt during the fire. The Rice Lake Fire Department estimates about $250,000 in damages for the building, contents, and generator. Source: http://www.weau.com/news/headlines/100512184.html


53. August 11, Panama City News Herald – (Florida) Local AT&T service fixed after outage. AT&T has repaired a problem that temporarily cut off communications August 10 while a contractor was working on installing cable lines. The problem resulted from a minor accident during some construction work at Balboa Ave and 11th Street at 3 p.m. According to an AT&T spokeswoman for the Gulf region, the issue only took a few hours to resolve. Among those affected were the Bay District Schools administrative offices. In addition to AT&T, T-Mobile and Sprint customers experienced cell phone connection errors starting at around the same time. It is unclear whether these errors were directly related to the cut cable, but coverage for some returned at about the same time as the coverage for AT&T customers. Source: http://www.newsherald.com/news/local-86067--.html


54. August 10, The Register – (International) Germany bans BlackBerrys and iPhones on snooping fears. The German government has advised ministers not to use BlackBerry and iPhone devices due to “a dramatic increase of attacks against” its networks. A general ban on the use of smartphones in certain German ministries is also being considered, the Federal Interior Minister confirmed August 9 to the country’s business daily newspaper Handelsblatt. He said that ministers and senior civil servants had been told to instead use Simko2 gadgets offered by T-Systems, following advice from the German federal office for information security (BSI). Berlin expressed concern that data for the BlackBerry smartphone passes through two Research in Motion centers in the UK and Canada. He added that there was a possible risk of “political IT attacks” from organized crime and foreign intelligence agencies and said that such harm to the government could increase with the use of the BlackBerry and other smartphones. His comments came after Canada-based RIM was forced to shift servers to Saudi Arabia after that country briefly banned use of the BlackBerry. Government officials in the United Arab Emirates also threatened to restrict the BlackBerry service. Source: http://www.theregister.co.uk/2010/08/10/german_government_mulls_blackberry_iphone_ban/