Department of Homeland Security Daily Open Source Infrastructure Report

Monday, November 17, 2008

Complete DHS Daily Report for November 17, 2008

Daily Report

Headlines

 According to Reuters, a natural gas pipeline was shut early Friday after an explosion in Grady County, Oklahoma, that injured one person and destroyed three homes. (See item 1)

1. November 14, Reuters – (Oklahoma) Enogex Oklahoma natgas pipe explodes, injures one. A natural gas pipeline was shut early Friday after an explosion in Grady County, Oklahoma, that injured one person and destroyed three homes, a spokesman for the pipeline’s operator said. “We had an indication of a pipeline losing pressure at about 3 a.m. local time and shortly thereafter, we came to know of a pipeline rupture and a fire. We immediately closed the valves on either side of the area where the rupture occurred,” said a spokesman for OGE Energy Corp. and gas pipeline company Enogex. The line is a 20-inch natural gas gathering line that brings gas from producing areas nearby to a natural gas processing plant in the area. He said the line, which carries about 18 million cubic feet of gas, was running near operational levels. “It is not a critical service line for us, it is a processing line,” he said. The company was rerouting the gas and did not expect any effect to customer deliveries. Source: http://www.reuters.com/article/rbssIndustryMaterialsUtilitiesNews/idUSN1443824120081114

 CNN reports that a brush fire in Santa Barbara County, California, burned more than 100 homes and forced students and staff at the campus of Westmont College to take cover in the school gym. The blaze began Thursday evening. (See item 29)

29. November 14, CNN – (California) More than 100 homes burned in California blaze. A wind-driven brush fire roaring through the canyons of Santa Barbara County has burned more than 100 homes, injured 13 people, and charred more than 2,500 acres, a county spokeswoman said. She said residents of more than 4,500 homes were ordered to evacuate as flames from the Tea Fire engulfed multimillion-dollar mansions and modest ranch-style homes north of Los Angeles. The blaze began Thursday evening. Large homes continued to burn Friday morning, and the governor of California proclaimed a state of emergency in Santa Barbara County. The fire threatened roughly 1,500 homes, the California Department of Forestry and Fire Protection said. Winds calmed at daybreak Friday, slowing the spread of the fire, but were forecast to pick up to 50 mph to 70 mph through Saturday. The flames roared onto the campus of Westmont College in Santa Barbara, forcing students and staff to take cover in the school gym. Several buildings, including dormitories, the school’s physics building, and more than a dozen homes in Westmont’s faculty housing area, have been lost or “significantly damaged” by the fire, the school said in a statement on its Web site. Source: http://www.cnn.com/2008/US/11/14/california.fires/index.html

Details

Banking and Finance Sector


6. November 14, VNUNet.com – (National) Federal Reserve spam attack emerges. Security officials are warning users of a clever new phishing scam arriving in emails purporting to come from the U.S. Federal Reserve. The U.S. Computer Emergency Response Team (US-CERT) said that the spammed messages direct users to a web page which warns of a new phishing scam targeting users. The message contains a fake Federal Reserve letterhead and warns users in typically broken English that a “large-scales phishing attack started and has been still lasting.” In addition to the shoddy grammar, the messages are identifiable in their attempt to lure victims to an outside URL. On clicking the link, the user is briefly sent to a fake Federal Reserve page which attempts to download a PDF file, supposedly containing further details on the attack. Shortly after accessing the page, the user is forwarded to a pornographic web site. An advanced threats researcher at security firm Trend Micro said in a blog posting that the PDF file is loaded with malicious JavaScript which attempts to download and install a number of malware packages, including a botnet controller. He noted that the botnet uses a Secure Socket Layer connection to send and receive encrypted information between the botnet server and infected machines, a particularly interesting characteristic. In addition to keeping updated system and antivirus software, US-CERT recommends that users exercise caution when viewing unsolicited messages and avoid clicking on any links which may seem suspicious. Source: http://www.vnunet.com/vnunet/news/2230518/federal-reserve-spam-attack


7. November 13, Bloomberg – (National) Banks see flaws in FDIC program to guarantee debt. JPMorgan Chase & Co., Bank of America Corp. and Goldman Sachs Group Inc. are among banks that told the government its program to back their bonds is flawed because it does not have a strong enough guarantee. The Federal Deposit Insurance Corp. guarantee for repayments in default needs to be clearer, the fees are too high, and banks need more freedom on whether to opt in, according to a letter from law firm Sullivan & Cromwell LLP posted on the agency’s Web site on behalf of nine banks. The comment period on the interim rules for the FDIC’s Temporary Liquidity Guarantee Program ends November 13. The comments shed light on why almost a month after the government placed its guarantee behind new bank bonds, no U.S. company has yet tested the market. Credit Suisse Group AG sent a separate letter to the FDIC on November 4. Without rules that “fully and irrevocably” guarantee repayment, the size of the program and the number of banks that participate will be “significantly below the expectations of the FDIC, the industry, and all interested parties in the health of the U.S. banking system,” wrote the managing director at Credit Suisse Securities USA LLC in New York. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=a8vX68kdt21U&refer=worldwide


Information Technology


Nothing to report


Communications Sector


25. November 13, VNUNet.com – (International) F-Secure warns of mobile malware growth. Security firm F-Secure has launched the fifth iteration of its mobile security software, which tackles what the firm describes as a slow but steady growth in mobile malware. Smartphones are becoming increasingly sophisticated, and users are storing a large amount of personal and business information on the devices. Research conducted by F-Secure suggests that there are more than 400 mobile viruses in circulation. Some of these are simply annoying, such as Skull.D, which locks up the phone with a flashing skull and crossbones on the screen; but others can cause considerable damage. Although 400 viruses may be a tiny figure compared with the millions of PC viruses floating around today, some mobile malware applications are extremely worrying as they can continuously send premium rate texts or deliver email and other personal information to a third party. Some can even use a phone’s GPS system to track the user’s movements, and are marketed as legitimate applications as a way for parents to keep track of kids, suspicious partners to uncover infidelities, or businesses to audit the use of their mobile phones. Source: http://www.vnunet.com/vnunet/news/2230481/f-secure-launches-mobile


26. November 13, Associated Press – (South Carolina) Feds to work with state on prison cell phone jamming. South Carolina’s proposal to jam cell phone signals in prisons violates federal law, but regulators said Thursday they are willing to work with officials in their efforts to keep inmates from making calls using the contraband devices. The State prisons chief wants to demonstrate how the jamming technology would work. A Federal Communications Commission spokesman said the agency recognizes officials’ distress about contraband cell phones, which some say have become a new form of cash behind bars. The FCC can grant federal agencies the authority to use the jammers, which prevent cell tower signals from ever reaching a phone, effectively blocking all calls. But there’s no such provision for state and local law enforcement. Critics say it’s impossible to contain the jamming technology to one or two buildings, and that using it runs the risk of affecting people using phones nearby. Source: http://www.greenvilleonline.com/article/20081113/NEWS06/81113055/1001/NEWS


27. November 13, Science Daily – (National) To widen path to outer space, engineers build small satellite. The “pico satellite” being designed and built in a University of Florida aerospace engineering laboratory may hold a key to a future of easy access to outer space — one where sending satellites into orbit is as routine and inexpensive as shipping goods around the world. “Right now, the way satellites are built, they’re all large, one-of-a-kind and very expensive,” says an associate professor of mechanical and aerospace engineering and the lead investigator on the project. “Our idea is that you could mass produce these small satellites and launch 10 or 20 from a single launch vehicle.” “There is a national push to make satellites smaller so that you can provide cheaper and more frequent access to space,” he said. As part of that push, the National Science Foundation this fall created the Advanced Space Technologies Research and Engineering Center at the UF College of Engineering. Source: http://www.sciencedaily.com/releases/2008/11/081113181312.htm


28. November 13, SC Magazine – (International) New attack targeting Windows mobile phones. Attacks on Google’s Android and Apple’s iPhone have made headlines recently but now Windows Mobile phones are the latest target. The latest wave is a Windows CE/Mobile polymorphic “companion” virus, according to a McAfee Avert Labs blog post on Thursday. It could also be regarded as one of the real first viruses for Windows Mobile, the head of global marketing for McAfee’s mobile division, told SCMagazineUS.com Thursday. The virus is notable because it combines two different PC attack methods — one called a “companion technique” and encryption. Researchers in the Georgia Tech Information Security Center (GTISC) recently predicted mobile threats will pose one of the top risks to end-users in 2009, suggesting that botnets will spread to handhelds. Source: http://www.scmagazineus.com/New-attack-targeting-Windows-Mobile-phones/article/121014/