Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 19, 2009

Top Stories

 The New York Times reports that the EPA declared a public health emergency on Wednesday in and near Libby, Montana, where over the course of decades asbestos contamination in a vermiculite mine has left hundreds of people dead or sickened from lung diseases. It was the first health emergency ever declared under the Superfund law. (See item 7)

7. June 17, New York Times – (Montana) U.S. cites emergency in asbestos-poisoned town. The Environmental Protection Agency declared a public health emergency on June 17 in and near Libby, Montana, where over the course of decades asbestos contamination in a vermiculite mine has left hundreds of people dead or sickened from lung diseases. It was the first health emergency ever declared under the Superfund law, the 1980 statute that governs sites contaminated or threatened by hazardous substances. The Libby site has been designated a Superfund priority since 2002. A spokeswoman for the EPA said that in anticipation of the declaration, the Department of Health and Human Services had agreed to make $6 million available to the Lincoln County Health Clinic, which provides care to residents of the area, to finance treatment of people with asbestos-related conditions. She said the declaration also authorized the environmental agency to remove vermiculite, whose uses include insulating, from buildings there. The Libby mine, originally operated by the Zonolite Company, at one time provided 80 percent of the nation’s vermiculite insulation, according to the EPA. W.R. Grace & Company bought the mine in 1963 and, according to the agency, sold vermiculite insulation from there until 1983. Grace closed the mine in 1990. The company and three of its former executives were acquitted in federal court last month of charges that they had knowingly contaminated Libby with asbestos and then conspired to cover up the deed. Source:

 According to the Associated Press, water supplies for 33 million people could be endangered if millions of acres of beetle-ravaged forests in the Rocky Mountains catch fire, a U.S. Forest Service official told a House panel on Tuesday. Severe fires, fueled by these trees, could damage or destroy reservoirs, pipes, and other infrastructure that supply water in the region. (See item 25)

25. June 16, Associated Press – (National) Water supplies at risk from fires in dead forests. Water supplies for 33 million people could be endangered if millions of acres of beetle-ravaged forests in the Rocky Mountains catch fire, a U.S. Forest Service official said on June 16. The chief forester for the Rocky Mountain region told a House panel that the headwaters of the Colorado River, an important water source for residents of 13 States, are in the middle of 2.5 million acres of dead or dying forests in Colorado and southern Wyoming. Severe fires, fueled by these trees, could damage or destroy reservoirs, pipes and other infrastructure that supply water to millions of people in the Rocky Mountain region. Wildfires can “literally bake the soil,” leaving behind a water-repellent surface that sheds rain and leads to severe erosion and debris, he said. The loss of so many trees also will reduce shade in the region, which in turn could reduce water supplies in the hot, dry summer months and accelerate snowmelt in the spring, he said. A Forest Service analysis indicates people in San Diego, Los Angeles, Phoenix, and Tucson, Arizona who get their tap water from the Colorado River get one quart of every gallon from National Forests in the Rocky Mountain region. The current outbreak — which has killed nearly 8 million acres of trees — is the biggest in recorded history, a research entomologist with the Forest Service told the committee. Another concern is the 13,000 miles of electricity transmission lines that run through the forests. There is a possibility that multiple fires at the same time could cause widespread regional power outages, the special projects manager for the Western Area Power Administration told the committee. Source:


Banking and Finance Sector

11. June 18, Kennebec Journal & Morning Sentinel – (Maine) Phone scams hit area in ‘huge’ new wave. A phone scam is affecting residents of the Waterville area. A call from an unlisted number tells the recipient that their account has been locked to supermarket use only and instructs them to press “1” to speak to a representative. “There have been a huge number of telephone scams going on in the area,” the Waterville chief of police said on June 17. “It is all over the place. It is prolific.” New Dimensions Federal Credit Union has fielded numerous complaints, he said. At least one complaint was filed with the Winslow Police Department on June 16, from a resident who received the pre-recorded message at 9:45 p.m., asking for her debit-card information. The woman contacted her bank, TD Banknorth, and was told that others had made the same complaint that day, according to a police log. The telephone scams, which are sometimes referred to as “phishing” calls, appear to involve both a pre-recorded message claiming to be from a financial institution and another that involves a live person, the Waterville chief of police said. Source:

12. June 17, KPTV 12 Portland – (National) Text scam says Visa account closed. A nationwide text messaging scam that aims to trick cell phone users into handing over their bank account information has swept the country in recent weeks. Thousands of people across the United States have received the same text message and some have called the phone number. The victims have reported fake charges on their Visa cards and others have had their accounts cleaned out. Because the scammers use phone numbers for just a few days, it is difficult for investigators to track them down. Consumer experts recommend never responding to text messages and always calling the bank first. Experts have warned that the scammers often send the messages on a Friday so they can use the bank account information over the weekend. The Federal Trade Commission has taken control of some of the phone numbers used by the scammers in hopes of getting the word out about the scam. Source:

13. June 17, Insurance Journal – (Texas) Texas AG warns of scam targeting credit union accounts. The Texas Attorney General has warned that Schlumberger Employees Credit Union members should be aware of a “smishing” scam that has been uncovered in the Houston area. Members of the Sugar Land-based credit union have complained to the Office of the Attorney General about receiving fraudulent text messages that claim their Schlumberger Employees Credit Union debit card has been deactivated for security reasons. The text messages claim that cardholders must call an 800-number and provide personal information to reactivate their cards. The Attorney General warned that personal information should never be provided in response to unsolicited text messages, e-mails or telephone calls — even if they appear to be from a legitimate business. Recipients should never click on links provided in unsolicited e-mails or text messages. Banks do not send unsolicited electronic messages or make unsolicited phone calls asking customers for their personal information. Customers with questions about the validity of communication that claims to be from a financial institution should contact the institution directly by telephone or in person. Source:

14. June 17, Reuters – (National) FDIC’s Bair says big firms “can and will fail.” Market participants should clearly get the message that large financial institutions “can and will fail” under the Presidential Administration’s regulatory reform proposal, the top U.S. bank regulator said on June 17. The chairman of the Federal Deposit Insurance Corp said addressing the idea of “too big to fail” is “of primary importance.” “Market participants should understand that large institutions can and will fail and that an effective resolution mechanism will be uniformly applied to institutions in a fair, transparent and consistent manner,” the chairman said in a statement. The U.S. President’s sweeping plan to reform financial regulation, which was unveiled on June 17, included a proposal to make the FDIC the resolution authority responsible for unwinding troubled financial firms. The chairman has told lawmakers that an effective resolution regime could discourage banks from growing too large and complex because they would no longer view government bailouts as a backstop. Source:

Information Technology

36. June 18, – (International) BKIS – Deep Freeze application fails to detect new Chinese worm. Security researchers at Bach Khoa International Security (BKIS) have warned computer users about a new worm called W32.SafeSys.Worm that is able to bypass security applications such as Deep Freeze. The worm was first detected in early March 2009, and since then, around 174 new variants of this Chinese-born virus have been discovered on the Internet. Faronics developed the Deep Freeze application to help administrators restore their systems after they have been used by unauthorized parties. Cybercafes, school computer labs and libraries are increasingly using this application to protect their systems from hackers’ attacks. Deep Freeze’s prime function is to monitor changes to sectors (such as the data storage area) within hard disk partitions and save those changes in another area (such as a buffer). When a normal program retrieves any one of these sectors, it collects data from the buffer instead of the original sectors. When the system reboots, the temporary data saved in the buffer is deleted and the system is restored to its previous state. Hence, online shops often believe that their systems are safe from virus attacks because they have installed the Deep Freeze application. However, W32.SafeSys.Worm uses a new technique in which it writes directly to sectors of the hard disk by requesting a direct link with the disk controller. Interestingly, the worm leaves no scope for its identification by frozen-system programs such as Deep Freeze while writing to the hard disk. It has been found that online shops that depend solely on the abovementioned software and do not have other protections installed fall to W32.SafeSys.Worm. As per the figures given by BKIS, nearly 45,000 computers across Vietnam have been discovered with this virus. Source:

37. June 18, ComputerWeekly – (International) Hackers to release Apple iPhone OS 3.0 software jailbreak. The Dev Team’s MuscleNerd has released a video demonstration of Ultrasnow, an updated version of the hacker group’s Yellosnow iPhone software jailbreak released on January 1, 2009. Apple has since patched the iPhone’s vulnerability exploited by Yellosnow to allow iPhone users to connect to the mobile phone carrier of their choice. Ultrasnow capitalizes on another weakness in newer Apple iPhones discovered by an Israel-based hacker just six weeks after Apple gave a preview of iPhone OS 3.0. MuscleNerd claims Ultrasnow will work on any iPhone 3G running 3.0, but does not mention Apple’s new iPhone 3GS, also due for release on June 19. But in a blog posting, the Dev Team said they will not be releasing any updates on their progress with iPhone 3G S. Source:

38. June 17, CNET News – (International) ‘Golden Cash’ botnet-leasing network uncovered. Researchers at security firm Finjan said on June 17 that they have uncovered an underground botnet-leasing network where cyber criminals can pay $5 to $100 to install malware on 1,000 PCs for things like stealing data and sending spam. The Golden Cash network, dubbed “Your money-making machine” on its home page, sells access to botnets comprised of thousands of compromised PCs to cyber criminals for custom malware spreading jobs, according to issue 2 of the Cybercrime Intelligence Report for 2009. It works like this: a cyber criminal creates a botnet by hiding malicious code in a legitimate Web site that is used to turn Web surfing PCs into zombies. The code, typically an iFrame, points the PCs to a separate Web site where they are then infected with a Trojan backdoor that reports back to the Golden Cash command and control server. In order to increase the number of botnets, the Golden Cash server installs an FTP (file transfer protocol) grabber on new zombies to steal credentials used by the computers to run Web sites, giving the server control over additional legitimate Web sites. Approximately 100,000 domains, including corporate domains from around the world, were identified among the stolen FTP credentials under Golden Cash’s control, according to the report. Customers pay for the ability to install different types of malware on the Golden Cash bots, which are recycled for new jobs and new customers afterward. Prices are higher for compromised PCs in western countries, the report said. “This advanced trading platform marks a new milestone in the cybercrime evolution,” Finjan said in a statement. Source:

Communications Sector

Nothing to report.
