Monday, December 13, 2010

Complete DHS Daily Report for December 13, 2010

Daily Report

Top Stories

• The St. Louis Post-Dispatch reports TransCanada Corp. is digging up 10 sections of a new, 2,151-mile crude oil pipeline that runs through many midwestern U.S. states after tests showed it may contain defective steel. (See item 5)

5. December 9, St. Louis Post-Dispatch – (Illinois) Massive oil pipeline to be checked for defective steel. TransCanada Corp. is digging up 10 sections of a new, $5.2 billion crude oil pipeline after government-ordered tests identified possibly defective steel that may have been used in its construction. As one of the longest and most expensive pipelines ever built in North America, the Keystone pipeline can carry about a half-million barrels per day, enough to supply about 2 percent of the country’s daily demand. Oil began reaching the refinery in late June and will continue to flow during the work. Federal regulators ordered more extensive tests on the Keystone line after problems with substandard steel surfaced in several other projects. An investigation revealed several pipelines built during a construction boom from 2007 to 2009 contained significant amounts of defective pipe that stretched under pressure. TransCanada officials declined to provide details about the 47 anomalies they found, including the percentage of any expansions. Nine anomalies were detected in Missouri, 12 in Kansas, 14 in Nebraska and 12 in South Dakota. Investigators traced the problems to defective steel produced by several mills, but mostly by Welspun Power and Steel, a manufacturer based in India. The Keystone pipeline stretches 2,151 miles from the Athabasca tar sands of Alberta, Canada to the ConocoPhillips’ Wood River refinery in Roxana, Illinois, then on to Patoka, Illinois. Source:

• According to the Associated Press, the Federal Aviation Administration (FAA) is missing key information on who owns one-third of the 357,000 private and commercial aircraft in the U.S. (See item 19)

19. December 10, Associated Press – (National) FAA loses track of 119,000 planes. The Federal Aviation Administration (FAA) is missing key information on who owns one-third of the 357,000 private and commercial aircraft in the U.S. — a gap the agency fears could be exploited by terrorists and drug traffickers. The records are in such disarray that the FAA said it is worried criminals could buy planes without the government’s knowledge, or use the registration numbers of other aircraft to evade new computer systems designed to track suspicious flights. It has ordered all aircraft owners to re-register their planes in an effort to clean up its files. About 119,000 of the aircraft on the U.S. registry have “questionable registration” because of missing forms, invalid addresses, unreported sales or other paperwork problems, according to the FAA. In many cases, the FAA cannot say who owns a plane or even whether it is still flying or has been junked. Already there have been cases of drug traffickers using phony U.S. registration numbers, as well as instances of mistaken identity in which police raided the wrong plane because of faulty record-keeping. Next year, the FAA will begin canceling the registration certificates of all 357,000 aircraft and require owners to register anew. Source:


Banking and Finance Sector

14. December 10, Arizona Republic – (Arizona) Ex-police officer accused in five Ariz. bank robberies. A former Phoenix, Arizona, police officer has been arrested on suspicion of five area bank robberies in which he is accused of making off with more than $133,000. The 40-year-old suspect, who left the police department in 2005 after 13 years, was taken into custody after a 4-year investigation involving the FBI’s Bank Robbery Task Force, and the Maricopa County Attorney’s Office, the agencies announced December 9. A 95-count indictment accuses the man of armed robbery, kidnapping, aggravated assault, and theft in a string of Bank of America robberies over 5 months in 2006. The man wore a ski mask during the heists, according to investigators. He was identified in part through “assistance from the public,” officials said. He is being held in lieu of $1 million bail. Source:

15. December 10, Bucks County Courier Times – (Pennsylvania) Police detonate bomb inside bank. A bank robber attempted to extort money from a Bensalem, Pennsylvania, bank December 9 by leaving a gift-wrapped package containing a pipe bomb and directions on how to arrange payment. The Philadelphia Bomb Squad detonated the crude weapon inside the M&T Bank on the 1800 block of Street Road after the bank and several nearby businesses were evacuated, police said. No one was injured. Bensalem’s public safety director said a bank employee found a gift-wrapped package in a bag hanging in one of the bank’s entranceways at 8:30 a.m. and brought it inside. A note inside the package read, “This is a bomb,” and demanded money, he said. The package had directions about how to contact someone to send the money to, police said. The bank employee called 911 and left the area. Bensalem police ordered everyone out of the bank and several nearby shops, and closed parts of Street and Hulmeville roads. The Philadelphia Bomb Squad checked the device and determined it was a pipe bomb with a cell phone attached to detonate the explosives inside the pipe. A member of the bomb squad detonated the bomb inside the building, causing minor damage and sending a piece of the device shooting through one of the bank’s glass entrances, police said. Source:

16. December 9, Roseville Press-Tribune – (California; National) Roseville man admits to role in $3m Ponzi scheme. Following an investigation by the U.S. Secret Service, a Roseville, California man has pleaded guilty to helping defraud investors of $2,975,352, court files show. In a plea deal with federal prosecutors, the suspect confessed to pocketing $160,458 in a Ponzi scheme involving an unnamed co-conspirator, whom the man sent $564,241. The 49-year-old suspect appeared in federal court December 9, when he was appointed a public defender. The defendant admitted to posing as an escrow officer, paying off investors with funds from 22 other investors, who believed their money would go toward real estate deals. His cooperation with the office of a U.S. attorney requires the suspect to disclose all assets related to the scam. Source:

17. December 9, Associated Press – (National) NY trustee seeks $1B from 7 international banks. Seven global banking institutions enabled a disgraced financier’s Ponzi scheme by “creating and offering derivative investment products linked to various ... feeder funds,” a court-appointed trustee alleged December 7. A trustee announced a lawsuit in federal bankruptcy court in Manhattan that seeks to recover more than $1 billion from Citibank, Natixis, Fortis, ABN AMRO, Banco Bilbao Vizcaya Argentaria, Merrill Lynch, and Nomura. The suit alleges the banks received transfers of money from the financier’s business “through numerous feeder funds at times when they either knew or should have known of ... (the) fraud.” Source: 18. December 8, Arizona Republic – (Arizona) Police: Possible serial bank robber operating in Surprise. ”Skeletor Bandit” is what the FBI dubbed a suspected serial bank robber who they say hit several banks in Arizona. An FBI official confirmed they are looking for a man with the same moniker as the villainous character from 1980s children’s cartoon He-Man that they believe robbed four banks. A special agent and FBI spokesman said investigators believe the 25- to 35-year-old man robbed two banks in Flagstaff and one bank in Surprise on two separate occasions. The robber most recently hit AmTrust Bank at 14543 W. Grand Ave. December 6. The man is suspected of robbing the same bank December 6. Both times he threatened the teller with a handgun while wearing a Halloween-style mask, Surprise police said. The suspect may be driving a dark blue or dark gray 2000 to 2001 Chevrolet sedan with dark tinted windows that is possibly an Impala, authorities said. Source:

Information Technology

38. December 10, Computerworld – (International) Mozilla patches 13 Firefox security bugs. Mozilla patched 13 vulnerabilities in Firefox December 9, including a re-patch for a bug that was thought quashed in March 2010. Eleven of the 13 were rated “critical,” the threat level representing bugs that hackers could conceivably use to hijack a system or infect it with malware. Of the two remaining vulnerabilities, one was labeled “high” and the second was tagged as “moderate.” The patched versions were designated Firefox 3.6.13 and Firefox 3.5.16 by Mozilla, which continues to provide security updates for Firefox 3.5. Source:

39. December 10, IDG News – (International) Power glitch hits Toshiba’s flash memory production line. Toshiba could lose up to a fifth of the NAND flash memory chips it was making for delivery early in 2011, after a momentary power glitch caused its production line to halt. But the problem should not have a long-term effect on chip prices, which could drop by more than half in 2011, according to analyst data. The glitch occurred December 8 at 5:21 a.m., when problems bringing a substation online at a thermal-electric power plant caused a drop in supply voltage for 0.07 seconds, said substation-operator Chubu Electric Power. The drop, while brief, was enough to cause major problems for Toshiba because its back-up power-supply did not kick in. As a result, machines on the company’s NAND memory chip production line in Yokkaichi, central Japan, stopped working. Because of the highly integrated nature of a chip production line, where each machine works at a precise pace so the entire line is in harmony, a fault in even one machine is enough to bring production to a halt. Source:

40. December 9, Computerworld – (International) Microsoft ships delayed patches for Office for Mac 2008. Microsoft issued an Office for Mac 2008 security update December 8 that patched four vulnerabilities the company had disclosed but not addressed in November. Office for Mac 2004, which harbors the same four flaws, remains unpatched, however. Microsoft released an update November 9 for Office for Mac 2011 — which shipped just 2 weeks earlier — that patched four bugs, all rated “important,” the second-highest threat ranking in the company’s four-step scoring system. At the time, Microsoft labeled each of the four with the phrase “remote code execution,” indicating they could be used by attackers to infect a Mac with malware. It did not update Office for Mac 2008 or 2004 at the same time. In reply to questions in November, a representative for Microsoft said the updates for Mac Office 2004 and 2008 were not ready, but the company chose to issue fixes that were finished, particularly those for the more popular Office suites for Windows. The 333MB update to Office for Mac 2008 December 8 also includes some stability improvements to Entourage, the e-mail client included with that version of the suite. Microsoft did not set a release date for Office for Mac 2004 fixes. Source:

41. December 9, Computerworld – (International) Microsoft slates another monster patch Tuesday. Microsoft December 9 said it will deliver a record 17 security updates next week to patch 40 vulnerabilities in Windows, Internet Explorer (IE), Office, SharePoint, and Exchange. Among the 40 patches will be two that address a pair of bugs that hackers have already exploited. “[The large number of patches being released] is partly due to vulnerability reports in Microsoft products increasing slightly ... [and to the fact that] Microsoft supports products for up to ten years,” the director of the Microsoft Security Response Center, said in a December 9 post to the team’s blog. “Older products meeting newer attack methods, coupled with overall growth in the vulnerability marketplace, result in more vulnerability reports.” Two of the 17 updates were tagged with Microsoft’s “critical” label, the highest threat ranking in its four-step scoring system. Another 14 were marked “important,” the second-highest rating, while the remaining update was labeled “moderate.” Source:

42. December 9, Computerworld – (International) Pro-WikiLeaks cyber army gains strength; thousands join DDoS attacks. The retaliatory attacks by pro-WikiLeaks activists are growing in strength as hackers add botnets and thousands of people download an open-source attack tool, security researchers said December 9. In recent days, distributed denial-of-service (DDoS) attacks have been launched against several sites, including those belonging to Amazon, MasterCard, PayPal, and the Swiss payment transaction firm PostFinance, after each terminated WikiLeaks accounts or pulled the plug on services. Most of those participating in the attacks are using the LOIC (Low Orbit Ion Cannon) DDoS tool, said researchers with Imperva and Sophos. The open-source tool, which is sometimes classified as a legitimate network- and firewall-stress testing utility, is being downloaded at the rate of about 1,000 copies per hour, said the Web research team lead at Imperva’s Application Defense Center. LOIC has become the DDoS tool of choice in the pro-WikiLeaks attacks because users can synchronize their copies with a master command-and-control server, which then coordinates and amplifies the attacks. Source:

Communications Sector

Nothing to report