Friday, January 31, 2020

WannaControl Attack on Louisiana Refinery


Cesar Chavez of the Rafael Ravard Refinery in Baton Rouge, LA announced this morning that overnight the refinery operations had been shut down by a a ransomware attack. “It appears that the refinery was the victim of the WannaControl ransomware. The attackers are demanding 100 Bitcoin to release our control systems back into operation,” he reported. At today’s exchange rate that is about $930,000.

Chaves reported that: “We have not yet made a decision on paying the ransom. We will consult with our insurers and the Federal Bureau of Inquiry before finalizing that decision.”

Chavez explained that the refinery operations were shutdown in an orderly manner, but there were numerous flaring incidents during the process. “It does not appear that any damage has been done to the refinery and no personnel were injured,” he explained.

ECS-CERT and the FBI will be conducting a joint investigation of this attack, according to Immanuel C. Securitage of the ECS-CERT. “Preliminary indications are that this attack may be related to the announcement by Robotron earlier this week;” Securitage noted. That announcement was about the possible compromise of software shipped by Robotron after a cyberattack on their facility last October.

When asked about that announcement Chaves acknowledged that the refinery had installed a number of the potentially impacted Robotron controlled pumps during a turn around last year. The company had been planning on replacing those pumps during the next scheduled maintenance activity of each refinery unit. “We may try to do that before the refinery restarts, but it depends on the availability of replacement pumps;” Chavez told reporters.


Thursday, January 30, 2020

Sophisticated SWATTING Attack Destroys Facility


The Federal Bureau of Inquiry announced this morning that it was investigating a recent fire and explosions at an Iowa biodiesel facility as a potential act of terrorism. The attack Tuesday resulted in the release of methanol from multiple storage tanks with resulting explosions and fire. No employees were injured and two police officers were treated and released from the local hospital with minor burns and contusions. One off-site evacuation was necessary as only one family lived within ½-mile of the rural facility.

The attack was first reported to the police in nearby Bums Rush, IA as consisting of five to six individuals armed with apparent automatic weapons. The report was made by the Security Control Center for American Security Guard, Inc. Paul Blart, their spokesman, told reporters that security cameras and intrusion detection devices alerted the company to the possible intrusion. Security Guards at the site were dispatched to the perimeter location where the intrusion was detected. Guards confirmed a whole in the perimeter fence and footprints of multiple individual entering the facility.

When asked if the local security force was armed, Blart replied: “Our contract with Biodiesel of Iowa prohibits us from having armed personnel on-site. That is why we notified the police when our cameras indicated that armed individuals had entered the site.”

When police arrived on scene they started searching for the intruders. When they entered the main storage tank area they were fired upon by automatic weapons. Patrol officers returned fire, apparently puncturing two methanol storage tanks. Minutes later an explosion occurred in the tank farm, destroying multiple tanks. Fires continued to burn well into this Wednesday afternoon.

When investigators were able to enter the site last night, they found a WWI machine gun equipped with remote control and a large supply of blank ammunition. It appears that no intruders were on-site during the exchange of gun fire and no one actually fired at the police officers. Meanwhile, a check of security systems at SGI determined that their system had been hacked and the photos upon which the police report was made were fake. At that point local authorities contacted the FBI.


Sunday, January 26, 2020

Robotron Reports Devices Reprogramed


A press release from Robotron today reported that a number of their devices loaded with MotorSteuerung software have been compromised during the recent ransomware attack on the main manufacturing facility in Dresden, Germany. Devices purchased directly from Robotron since November 2nd, 2019 should be removed from service until a Robotron service representative can check the software.

Erich Mielke, spokesman for Robotron, reported that the company had learned that the MotorSteuerung master software on their severs had apparently been corrupted during the attack. “In the 24-hours that our servers remained encrypted, it appears that doctored software was substituted for factory standard version that is used to load devices being shipped for service,” Mielke explained.

Registered customers can check their device serial number against the list on the Customer Service web site.

Dade Murphy from Dragonfire told reporters that his company had reported the corrupted software to Robotron. We were doing an investigation at one of our customer sites and noted that the software was communicating with a command and control server in Bulgaria that was associated with WannaControl ransomware. This is a new ransomware strain that specifically attacks industrial control systems, putting control systems into shutdown mode and encrypting the files.

Murphy noted that; “In the few cases we have identified, the attackers took great care to safely shutdown the control systems before encrypting the files that would allow for a restart of the process. This requires a great deal of system knowledge and probably reflects a long residence time on the system before the actual attack takes place.” Dragonfire has not yet been able to determine the source of the infection for these attacks; phishing attacks have been ruled out.

CAUTIONARY NOTE: This is a future news story –

Arrests Made in LNG Railcar Hack


At today’s press conference in Franklawn, Johnathan Quest announced that the FBI had arrested two individuals in connection with the cyberattack on the liquified natural gas railcar that was subsequently parked on a siding outside of this small Pennsylvania town. He confirmed that they were loosely tied to the protest group, Frack No More. George P. Mitchell and Willi Barnett are currently being held in the Franklawn jail pending their transfer to a federal facility in Philadelphia.

Floyd Faris, founder of the group, acknowledged that the two individuals had been members of Frack No More but had left the group over policy disagreements. “They wanted to move beyond protests and picketing,” Faris explained. He did note that the attack never increased the level of danger the public was exposed to during the transportation of LNG.

George Schneider, founder and CEO of Schneider Gas, the company that owned the affected railcar, said: “I am happy to see that these two have been arrested, but I will be happier when I am notified that the TransTrac vulnerability is fixed.”

Chief Margaret Stevenson from the Franklawn Fire Department was asked if the public had been in any danger. She responded: “No. The pressure in the railcar never reached unsafe levels. Schneider Gas responded quickly and helped the Department deal with the problem. If it were not for the illegal hack on the railcar, I would treat this as a successful emergency response drill.”

She explained that in accordance with Department training and guidance from the Railroad Safety Administration, her teams had responded to the rail siding where the LNG car had been parked by the Genovese and Newark Railroad. An immediate evacuation of about 20 families living within a mile of the siding was undertaken and methane detectors were set up around the siding. The Schneider team arrived and attached a flare-line to the railcar to allow unsafe pressures to be safely reduced and set-up for unloading the railcar into trucks.

“Schneider and I agreed that unloading should proceed, even though there were no actual safety concerns about the railcar,” Chief Stevenson explained. They both doubted that the railroad would accept the railcar with the flawed reporting device.

Immanuel C. Securitage from ECS-CERT confirmed that the same vulnerability that was used in the Los Angeles traffic hack was used to attack the reporting system on the LNG railcar. “While TransTrac utilized a slightly different GPS tracking device than those used on cars, the same flaw in the information control system at GPS Associates allowed the attackers to provide false information to the railroad,” Securitage reported.

Quest told reporters that both suspects had confessed to their parts in the situation. “They are both proud of the fact that they stopped this railroad shipment of LNG,” Quest said; “Their mistaken opinion will make their transition into the federal penal system quite quick.” Both will be arraigned in Philadelphia on federal computer fraud charges on Monday.

CAUTIONARY NOTE: This is a future news story –

Monday, January 20, 2020

GPS Associates May Be Involved in Hazmat Incident


ECS-CERT announced today that they were joining the investigation of hazardous material incident involving a rail shipment of liquified natural gas that started last week. Immanuel C. Securitage told reporters that the agency’s involvement came at the request of the head of the Franklawn Fire Department, Margaret Stevenson. She had noted a similarity between Thursday’s incident and the GPS Associates related incident earlier this month in Los Angeles.

Stevenson explained that her department had been called to respond to a hazmat incident at a remote railroad siding outside of town. The Genovese and Newark Railroad had parked an LNG railcar on the siding when remote sensors had reported that the pressure inside the railcar was too high to continue transport. When the Schneider Gas and Oil team arrived on the scene to assist in the incident response, they found that the pressure in the railcar was well within the expected limits.

George Schneider, owner and CEO of Schneider Gas and Oil, told reporters that he agreed with Stevenson that it appeared that there was something wrong with the remote reporting unit on the railcar owned by his company. When Stevenson had noted that the TransTrac was made by GPS Associates she told Schneider about the LA incident and both agreed that the two incidents could be related.

John P. Morgan of the Railroad Safety Administration told reporters that all LNG railcars were required by regulation to include a tracking device that reported the location and pressure to the railroad operations center. He noted that the GNR had been transporting about one railcar of LNG per week for the last month without incident. He explained that the railroad had followed the agreed upon emergency response plan in this incident.

Morgan said: “While involving the ECS-CERT in a hazmat investigation is unusual, the involvement of the new tracking device did add a new level of complexity that the RSA was not equipped to address.”

Securitage told reporters: “If hacking of the TransTrac device was involved in this incident, the Federal Bureau of Inquiry would certainly be notified.”

CAUTIONARY NOTE: This is a future news story – 

Wednesday, January 15, 2020

Wider Problems Found in HomeTrack GPS Investigation


At a news conference this morning, Immanuel C. Securitage from ECS-CERT announced that contractors working with ECS-CERT had uncovered some serious security issues at GPS Associates during their investigation of last Friday’s manufactured traffic jam in Los Angles. After quickly eliminating cyberattacks on the stalled cars as the source of the stalling at the intersection, ECS-CERT focused on the HomeTrack GPS system. He said that ECS-CERT was working with GPS Associates to fully identify and resolve the issues involved. He would not provide further details pending the establishment of fixes with the affected systems.

The following story was pieced together from interviews with various people at GPS Associates, Dragonfire, a cybersecurity firm doing contract work for ECS-CERT and ECS-CERT researchers, none of whom are authorized to speak for ECS-CERT or GPS Associates.

The first level check of the security at HomeTrack found a very well-designed security system. There is very limited internet access into their system and the portions of the network where that access is allowed are carefully segmented from the other portions of the HomeTrack network. There were no signs of any phishing attacks and the email system was on its own network segment with little opportunity for an attacker to move laterally out of that system. Finally, there was no known malware found on the system.

System logs clearly showed the identification of the affected vehicles and the order to shutdown their engines. The logs showed that a shift supervisor was the person who was responsible for that access. The only problem was that that supervisor died last year in a boating accident. It seems that the Human Resources Department at GPS Associates has been very slow to notify the various system administrators in the organization when employees left the organization.

A system administrator told me that the company did not think this was much of a problem because access to the most critical portions of their custom architecture had to be done from on-site workstations with logons conducted with scans of the employee badges and a password. Unfortunately, it turns out that the company was not as careful about its logons as it thought.

Dragonfire found a virtual private network (VPN) link into the systems that the system administrators were not aware of. When logging in via the VPN, users were not required to use two-factor authentication. It seems likely that this VPN connection was part of the original coding and would allow programmers to respond to system problems while away from the facility.

Dragonfire also found that there was a TOR website where the VPN login information was available for sale. The same site also provided specific vehicle location identification and shutdown services. The location identification service was advertised as a ‘Track Your Lover’ tool. Real-time tracking and tracking history were available options. The car shutdown service was advertised as ‘Car Swatting’ as a means of getting revenge on people by making them stall in traffic. All that was needed to access either of these services was 1 Bitcoin and a license plate number.

Dragonfire was able to track down at least a dozen of the so called ‘Car Swatting’ incidents based on chatlogs from the site. In only one of those incidents could Dragonfire find evidence that local mechanics identified that the HomeTrack GPS was involved in the problem. In most incidents, mechanics diagnosed other sensor related issues as the cause of the stall. At least one minor traffic collision resulted from a ‘Car Swatting’ incident.

Dragonfire has apparently notified the Automotive Safety Administration (ASA) about the issue. Rose Nader from the ASA has confirmed that an investigation is underway on potential problems with the HomeTrack GPS system, but refused to discuss the issue further saying: “The investigation is in the early stages and it would be premature to discuss the issues involved at this time.” She did note that GPS Associates was cooperating with the agency.

Ed Cole, a spokesman for the Automotive Safety and Security Council (ASSC), an independent auto safety organization said that: “The ASSC is looking into this issue of unauthorized access to GPS tracking data. This is a privacy issue that must be addressed quickly by Congress.” He said that both Rep Milk (D,CA) and Rep Pinter (D,MA) were looking into the issue.

Johnathan Quest reported today that the Federal Bureau of Inquiry was looking into security issues associated with the HomeTrack GPS incident. “We are aware of allegations that system access has been made available on the Dark Web” he told me; “We are trying to contact the owners of at least one TOR website to obtain information.”

When asked if any other cities had been approached with ransom demands Quest replied: “I would not be able to confirm or deny any other incidents at this time.”

Monday, January 13, 2020

Cars Were Not Hacked in LA Traffic Jam


Bernard Abbot, spokesman for CarISAC, an automotive cybersecurity consortium, told reporters today that none of the cars involved in the Friday night traffic jam on La Cienega Boulevard had been hacked. “There was no unauthorized access to the control systems of those vehicles,” he said; “They responded to legitimate commands in the way that they were designed to do. Automotive manufacturers take product cybersecurity very seriously.”

When contacted by this reporter about the above comments, Immanuel C. Securitage of ECS-CERT confirmed that his agency had found no evidence that any of the half-dozen vehicles that they had looked at in the incident had shown any signs of unauthorized access or malware. “We do not currently believe that they attack actually took place at the vehicle level” he told me.

A contractor working with ECS-CERT not authorized to speak to reporters told me that ECS-CERT was currently looking at HomeTrack GPS as the means to the attack that caused twenty cars to shut down at the Los Angeles intersection causing the traffic jam. “Company logs showed that on four separate occasions Friday night someone requested a listing of HomeTrack equipped vehicles in the area of the intersection,” he explained; “The last time, engine shutdown commands were sent to the thirty vehicles identified.” Investigators are currently looking into who had remote access to the HomeTrack GPS system.

When asked about that information, Martin Bishop, spokesman for GPS Affiliates the producer of HomeTrack GPS, replied that his company was cooperating with investigators but would not discuss the details of the ongoing investigation. He did say that: “We are very concerned about the ongoing release of sensitive corporate information that we have voluntarily provided ECS-CERT and are considering suing ECS-CERT for those releases.” He would not explain what sensitive information had been released.

Bishop did explain that the engine shutdown capability had been included in the HomeTrack GPS system at the request of law enforcement as part of a national auto-theft recovery program. It allows police departments to request shutdown of a vehicle that has been reported stolen and is under the observation of police at the time of the request. Typically, the police agency has requested the GPS location of the vehicle before the shutdown is requested. Vehicles can only be shutdown if they are traveling at less than 12 miles per hour or are stopped.

Internal procedures require confirmation of police involvement before either the vehicle location is released, or the engine shutdown command is sent. Bishop confirmed that neither confirmation was obtained on any of the vehicles involved in Friday’s incident.
CAUTIONARY NOTE: This is a future news story –

Saturday, January 11, 2020

LA Traffic Jam Caused by Ransomware Attack


Last night’s traffic jam on La Cienega Boulevard in Los Angeles was caused by a ransomware attack according to Oscar J Simpson, spokesman for the Los Angeles County Department of Traffic Control – Oscar J Simpson. Simpson confirmed that the Department paid the $100,000 ransom to get traffic flowing again through the intersection of La Cienega Boulevard and Centinela Avenue.

Immanuel C. Securitage, spokesman for ECS-CERT explained to reporters this morning that this was an unusual ransomware attack. “Normally attackers infiltrate the victim’s computer system and encrypt the files on the device and demand payment to unlock the files. That is not what happened in this instance.” he explained.

The infected systems were the automotive control systems in about twenty automobiles transiting the intersection. Using a new ransomware system called WannaDrive, the attackers had previously infected the HomeTrack GPS Software on the vehicles. When these twenty vehicles were at the intersection the attackers turned off their vehicle ignitions, stalling the vehicles. Confusion ensued. The attackers then contacted LADTC to demand the payment to turn the vehicles back on.

Dade Murphy from Dragonfire, a control system security company, told reporters that until last night hackers had not been able to find a way to monetize the large number of vulnerabilities in connected automobiles. That now has apparently changed. “I suspect that we are going to start seeing any number of traffic control agencies in the country being approached by the folks behind WannaDrive asking for payments to not have the sort of attack that we saw last night in Los Angeles,” Murphy told this reporter. “It might take one or two more actual attacks, but I suspect that traffic control managers will be willing to pay just like Los Angeles did.”

Johnathan Quest from the Federal Bureau of Inquiry confirmed that the FBI was investigating the incident.

ECS-CERT said that it was working with GPS Affiliates, the company that sells the software and automotive manufacturers to try to come up with a solution to the problem.

CAUTIONARY NOTE: This is a future news story –

Wednesday, January 8, 2020

East Coast Brownouts Due to Pipeline Hack


The Energy Security Agency (ESA) today confirmed that brownouts seen overnight in the Northeast are connected to the ongoing cyberattacks against the Friendly Morning Pipeline Company. Spokesman Edison Watt reported that three gas-fired powerplants suffered supply interruptions yesterday causing them to shut down safely. All three plants were subsequently brought back online after gas supply resumed.

Watts noted that there were no cyber attacks on any electrical production or distribution systems. “The grid is safe and operating nominally,” he noted. “The system is designed to allow for production interruptions at individual production facilities. The minor problems last night were due to these three major generators dropping off-line at nearly the same time.”

George Friendly, CEO of the Friendly Morning Pipeline Company, told reporters that his company had engineers at each pumping station to operate the system under manual controls until the cyber issues could be remediated. “We should see no more interruptions of gas delivery to either our residential customers or power generation facilities.” The company is relying on assistance from other pipeline operators to maintain the 100% manual operation of the East Coast Prime Pipeline.

Immanuel C. Securitage from ECS-CERT told reporters that the agency has confirmed that the Smerdis Group is behind the ongoing cyberattacks on the pipeline. The group is known to operate out of Karaj, Iran, but appears to be independent of the Iranian government.

Dade Murphy from Dragonfire, a cybersecurity company assisting in the investigation, reported that it appears that the Smerdis Group had been present in the pipeline control system for some time. The attacks were exploiting known denial-of-service vulnerabilities in a number of the control system components. These vulnerabilities were rated as ‘low-risk’ because rebooting the affected device restored full system operation fairly quickly. Murphy noted that: “Companies frequently decide not to patch for these vulnerabilities due to time constraints and costs involved; it’s a common risk-benefit conclusion for these types of vulnerabilities.”

Securitage told reporters what was going on with this extended cyberattack on the pipeline was that the attackers were stringing minor DOS attacks on multiple devices at a pumping station together to have a larger impact on pipeline pressure. “This is a sophisticated attack requiring extensive pipeline engineering experience and a high-level of knowledge about the control system involved. This is a hallmark of the Smerdis Group.”

Watts agreed with a reporter’s suggestion that coal fired power plants were not subject to this type of fuel-denial attack. He noted that: “Coal-fired plants did typically have days to weeks of coal supplies on hand to avoid problems with fuel-delivery interruptions. That has not been deemed necessary for gas-fired plants. The ESA will be looking at that issue. On-site gas storage may become a requirement.”


CAUTIONARY NOTE: This is a future news story –


Monday, January 6, 2020

FBI Raids China Water Treatment Headquarters


Johnathan Quest, spokesman for the Federal Bureau of Inquiry, told a news conference today that a team of investigators from the FBI, ECS-CERT and Dragonfire, a commercial cybersecurity firm, executed a search warrant at the headquarters of China Water Treatment, a US subsidiary of Tianjin Chemical here in New Orleans. Quest told reporters that three Chinese nationals were detained, and a large number of records and computer hardware were removed from the building.

While Quest was unwilling to discuss the case to which this raid was related, an investigator from ECS-CERT who spoke on condition of anonymity reported that seizures were related to the attack on Blew Bayou Chemical Christmas Week that sent three firefighters to the hospital and caused major damage to the monomer production area of the facility.

An email sent last week from Dragonfire to ECS-CERT reported that company investigations turned up evidence of Chinese involvement in the cyberattack on the facility. Unconfirmed reports this weekend seemed to indicate that Dragonfire had found evidence that the command-and-control server for the attack was located in Louisiana not in China.

Immanuel C. Securitage, spokesman for ECS-CERT, confirmed at today’s press conference that there had been some indications in the attack software that it had been generated by a known Chinese APT group, HuaxueGang. There were not, Securitage reported, any indications that that group was actually involved in the use of that malware in this case. All communications indicators pointed to IP and physical addresses here in the United States.

Eaton Kaghun, a plant manager for Blew Bayou Chemical told reporters outside of today’s news conference that Tianjin Chemical was the competitor of Blew Bayou in Asia and was trying to break into the tight US monomer market via their China Water Treatment subsidiary.

An unidentified spokesperson from the Chinese Consulate in New Orleans reported that the Chinese government was cooperating fully with investigators from ECS-CERT. “We do not in anyway condone attacks on industrial control systems that could have physical impacts on the health and safety of anyone in the US chemical industry.”

A well-known Chinese dissident in Hong Kong, Zhēnzhū Jiàng Yā, reportedly told Dragonfire that in the current international situation, China did not want anyone in the current administration to blame them for a cyber-physical attack on a US company facility. That dissident also reported that it appeared that the President of Tianjin Chemical was being questioned by police in Beijing.


CAUTIONARY NOTE: This is a future news story –

Saturday, January 4, 2020

East Coast Prime Pipeline Interruptions Being Investigated


The DOT’s Pipeline Safety, Security and Operations Office (PSSOO) announced today that it was launching an investigation in the problems being seen in the last 24-hours along the East Coast Prime Pipeline. Low pipeline pressures, intermittent failures at pumping stations and other anomalies have been reportedly been interfering with the delivery of natural gas to a number of electric generating stations along the east coast from Maryland thru New Hampshire. Local distribution of natural gas to local communities has also been a problem where local gas companies derive their supplies from the same pipeline.

George Friendly, owner and CEO of the Friendly Morning Pipeline Company that owns East Coast Prime, says that company engineers and service personnel have been dispatched to all of the pumping stations along the pipeline to try to restore normal operations. He has also asked the ECS-CERT to help look into the problems because much of what has been happening appears to be connected to control system issues.

Rep Rebecca Pinter (D,MA), has asked that the Federal Bureau of Inquiry to help with the investigation because her office has been receiving reports that the problems were due to a cyber attack on the pipeline. A spokesperson for her office reported that they had received information from a constituent with family in the middle east that indicated that this was connected to international tensions in the Persian Gulf. The FBI has refused to comment on that request other than saying that a preliminary investigation had been started based on the information provided by Pinter.

The Department of Homeland Security continues to maintain that there is currently no indication of a credible threat against the United States, but encouraged critical infrastructure to be aware of the increased potential for cyberattacks.

CAUTIONARY NOTE: This is a future news story –

Wednesday, January 1, 2020

Acrylamide Lines Were Actually the Target


Immanuel C. Securitage, spokesperson for ECS-CERT today told reporters that last weeks attack on a Baton Rouge chemical manufacturing facility was apparently more successful than originally planned by the cyber attackers responsible. Information uncovered today indicates that the attacker’s original plan was to apparently disable acrylamide production, not destroy the acrylic acid tank that exploded and caused the facility fire.

As the investigators from the Agency for Chemical and Environmental Security (ACES) were going through the facility today looking at the consequences of the attack while waiting for clearance to enter the acrylic acid storage building found problems with all of the acrylamide transfer lines in the facility. Like the line that exploded, injuring three firefighters, all of whom have been released from the hospital, every acrylamide transfer line in the facility was full of acrylamide.

Daniel Varg, the ACES spokesman, explained that acrylamide transfer lines used to move the monomer around the facility are normally blown empty when they are done being used. This is to prevent the monomer from polymerizing in the line. This is especially critical when temperatures drop below 50˚F. At that temperature the acrylamide freezes out of solution (this facility manufactures 50% acrylamide in water). That process separates the acrylamide from the chemical that is added to the solution to inhibit the polymerization reaction.

We did see temperatures drop below that level after the facility shut down manufacturing before their Christmas break. When temperatures warm back up the acrylamide goes partially back into solution, but does not mix with the inhibitor. Transfer lines that are in the sun can reach temperatures where the monomer can then start the polymerization process, blocking the lines with a polymer plug that has to be cut out of the line.

It appears that there are multiple blockages in most of the transfer lines in the facility. This essentially shuts down acrylamide product until all of the lines can be inspected and all of the blockages cleared. Blew Bayou Chemical estimates that it will be at least two week until production can resume, and most of the transfer lines from storage tanks to truck and rail loading lines were also blocked.

A spokesman for Dragonfire, a company that is supplying control system forensic experts to assist ECS-CERT in their investigation, told reporters that the code for filling the transfer lines was written before the code for the attack on the acrylic acid tank. That acrylic acid attack depended upon the existence of a bad check valve in an airline going into a reaction vessel. That problem was not identified by Blew Bayou until just before their shutdown before Christmas. Dade Murphy explained that it appears that the attackers saw the work order on the maintenance server and realized that it provided them with another mode of attack on the facility.

Murphy also explained that at least one of the people writing exploit code for the attack appears to have been a native Chinese speaker. He would not go into details about how Dragonfire made that connection. After hearing that announcement, IB Kaghun, spokesman for Blew Bayou was heard to be saying something about Tianjin Chemical when the company attorney, Charlene Matlock pulled him away from the dias.

China Water Treatment, a US subsidiary of Tianjin Chemical, announced today that they also had acrylamide available for shipment from its terminal in New Orleans.

CAUTIONARY NOTE: This is a future news story –