Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, July 8, 2008

Daily Report

• The U.S. National Hurricane Center forecasts Hurricane Bertha should remain out of the oil-rich Gulf of Mexico for at least the next five days as it approaches Bermuda. (See item 1)

• The Barnwell, South Carolina, disposal facility closed its doors to Pennsylvania and 36 other states on July 1. The closure means waste producers will have to hold onto that waste until a new site is found. That process will take years. (See item 7)

Banking and Finance Sector

10. July 5, Associated Press – (National) 9 convicted in Austria fraud case. Nine people were convicted Friday of criminal charges in a major Austrian bank fraud case linked to the 2005 collapse of New York-based commodities brokerage Refco Inc. A Vienna Federal Court Judge found the defendants responsible for 1.4 billion Euros (US$1.9 billion) in losses at Bank Fuer Arbeit und Wirtschaft AG (BAWAG), Austria’s No. 4 bank. The defendants include two former BAWAG executives and a U.S.-based investment banker. BAWAG loaned former Refco chief executive officer several hundred million dollars just before the brokerage filed for bankruptcy protection in October 2005. He was sentenced to 16 years in prison Thursday in the U.S. by a judge who denounced what he called the “staggeringly arrogant” greed of the white-collar criminals implicated in the case. Refco was one of the world’s largest commodities brokerages, and prosecutors said BAWAG played a pivotal role in its collapse. Source:

Information Technology

24. July 7, Associated Press – (International) Internet addressing agency loses its addresses. The nonprofit agency in charge of the Internet’s addresses recently lost track of its own address. The Internet Corporation for Assigned Names and Numbers (ICANN) said it happened when an Internet registration company it oversees got fooled into transferring the domain names to someone else. The attack was quickly noticed, and ICANN’s domain names were restored within 20 minutes. However, because many Internet directories retain information for a day or two, visitors could have been redirected to an unauthorized site for longer. ICANN said Thursday that new, unspecified security measures should prevent such attacks in the future. The organization also said it was reviewing other security procedures. The domain names hijacked were and — for the ICANN subdivision known as the Internet Assigned Numbers Authority (IANA). Visitors to those addresses are normally redirected automatically to the organization’s main sites at and, neither of which was affected by the attack. Source:

25. July 5, InfoWorld – (International) The dangers of cloud computing. The idea of cloud computing – designed around an architecture whose natural state is a shared pool outside the enterprise – has gained momentum in recent months as a way to reduce cost and improve IT flexibility. But the use of cloud computing also carries with it security risks, including perils related to compliance, availability, and data integrity. Yet many companies do not think through those risks upfront. For example, having proper failover technology in place is a component of securing the cloud that is often overlooked, notes the principal of Enterprise Applications Consulting. Yet these same companies make sure they have failover for established services, like electricity. “If you look around, go to any major facility, what is sitting in a box outside is an alternative power supply. They don’t rely on just the grid,” he says, arguing that cloud computing should be no different. In some cases, the risk is too great to rely on the cloud. And where the decision is made to put some services and applications in the cloud, the business must ask how that risk should be managed. Cloud computing also does not have the same kind of security standardization that applies to normal IT infrastructures, making it more vulnerable. Source:

Communications Sector

26. July 5, ComputerWorld – (International) Storm botnet stages Fourth of July attacks. As predicted, hackers tried to trick users into downloading the Storm bot on Friday by unleashing a flood of Independence Day spam bearing links to malicious sites, several security companies reported. The spam campaign, anticipated earlier in the week by MX Logic Inc., used messages with subject headings ranging from “Amazing firework 2008” and “Celebrating Fourth of July” to “Light up the sky” and “Spectacular fireworks show,” said U.K.-based Sophos PLC in an alert posted to the Web on Friday. Links in the spam led to hacker-controlled sites that trumpeted a video clip worth downloading. “Colorful Independence Day events have already started throughout the country,” the malicious sites claimed. “The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework, just click on the video and run it.” The file pitched to users was an executable – “fireworks.exe.” Users who agreed to the download did not receive a video, but instead infected their Windows-running PCs with the Storm Trojan horse, which hijacked the system and added it to the existing collection of compromised computers making up the Storm botnet. Source: