Department of Homeland Security Daily Open Source Infrastructure Report

Monday, July 20, 2009

Complete DHS Daily Report for July 20, 2009

Daily Report

Top Stories

 CBS News and the Associated Press report that Minneola, Florida officials were forced to change the locks on every city-owned building because a truck with all the keys inside was stolen over the July 11 weekend. Officials said on July 14 that about 150 locks had to be changed. (See item 27)

27. July 16, CBS News and Associated Press – (Florida) Locked out: City loses keys to city. Minneola, Florida officials were forced to change the locks on every city-owned building because a truck with all the keys inside was stolen over the July 11 weekend. Officials said Tuesday that about 150 locks had to be changed. When employees arrived at a wastewater treatment facility Monday morning, they discovered that a city-owned truck had been stolen. Officials say a set of keys had been left in the truck that could open the doors to every lock in the city, including those at City Hall, the fire department, the library, lift stations and recreational facilities. The city manager said employees checked all the city facilities on Monday and found no signs of tampering. Source:

 According to Bloomberg, suicide bombers attacked the Ritz Carlton and JW Marriott hotels in Jakarta, Indonesia on July 17, killing eight people and injuring at least 53. The attackers may have stayed at the Marriott, said an adviser to the Indonesian president. (See item 39)

39. July 18, Bloomberg – (International) Ritz, Marriott hotel bombings in Jakarta kill eight people. Suicide bombers attacked the Ritz Carlton and JW Marriott hotels in Jakarta, Indonesia on July 17, killing eight people and injuring at least 53 in Indonesia’s first terrorist attack in almost four years. Investigators are still trying to determine which group dispatched the two bombers, the national police chief told reporters. There was no immediate statement of responsibility for the attacks. The blasts at about 7:45 a.m. local time rocked the buildings in an up-market shopping and business district, ripping the facade off the Ritz, blowing out windows, and showering the street with glass and debris. At least eight U.S. citizens were hurt in the blast, the Associated Press reported, citing an unidentified American official. The attackers may have stayed at the Marriott, said an adviser to the Indonesian president. Police found an unexploded bomb in Room 1808 of the hotel, he said by telephone in Jakarta. TVOne showed closed-circuit television footage of a man walking into the Marriott with a briefcase before the blast. Authorities cleared the hotels of injured people within half an hour of the explosions and deployed about 300 soldiers from the Jakarta military command. The MMC Hospital, a medical center closest to the hotels, was crowded with people suffering burns, cuts, and broken limbs. Source:


Banking and Finance Sector

Nothing to report.

Information Technology

32. July 16, BBC News – (International) Twitter calls lawyer over hacking. The microblogging service Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs. TechCrunch has made public some of the 310 bits of material it was sent. It posted information about Twitter’s financial projections and products. “We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts...or publishes these stolen documents,” said a co-founder of Twitter. In a blog posting he wrote that “About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. “From the personal account, we believe the hacker was able to gain information which allowed access to this employee’s Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company.” The co-founder went on to stress that “the attack had nothing to do with any vulnerability in Google Apps.” He said this was more to do with “Twitter being in enough of a spotlight that folks who work here can be a target.” It is believed a French hacker who goes by the moniker “Hacker Croll” illegally accessed the files online by guessing staff members’ passwords. Source:

33. July 16, CNET News – (International) Microsoft sues alleged IM spammers, phishers. Microsoft is bringing out the big guns to combat instant message spam and phishing attacks done to users of its Live Messenger network. The Redmond, Washington-based software giant filed a civil lawsuit on July 16 in King County Superior Court in Seattle against Funmobile, Mobilefunster, and several individuals, who Microsoft says is responsible for the intentional misuse of the service to gain the personal information of its users. In the suit, Microsoft cites a multitude of attacks including IMs that appear to be coming from users they know, as well as phishing attacks that mimic the look and feel of an outside service, or an official Microsoft support page. Microsoft says that the successful use of these tactics has let third parties obtain these users’ personal account information, then exploit it by sending mass spam and phishing messages to the contacts of users whose accounts have been breached. In a post on Microsoft’s security blog Microsoft on the Issues, Microsoft’s associate general counsel of Internet safety enforcement said the company hopes the suit will accomplish three things. One is to stop companies and individuals from continuing the attacks through injunction. Microsoft also intends to “recover monetary damages,” as well as send a message to other parties who would try similar tactics. Microsoft counts the number of its Windows Live Messenger users at more than 320 million, although the suit makes no mention of how many of those users have been affected by the privacy attacks. However, it does say that the attacks have put a strain on the servers that run the service, as well as its security teams, which have to monitor and combat incoming attacks. In the meantime, the company is urging users of its Live Messenger service and other Live services not to give other people their log-in information. Source:

34. July 16, NetworkWorld – (International) Will new top-level domains promote cybersquatting? The Internet Corporation for Assigned Names and Numbers (ICANN) is hosting two meetings the week of July 13 — one in New York City and the other in London — to discuss the trademark and cybersecurity issues surrounding its plan to introduce hundreds of new top-level domains into the Internet. Similar meetings will be held in Hong Kong the week of July 20 and Abu-Dhabi in early August. At these public meetings, ICANN is discussing the protections that it will give corporations so they do not have to spend huge sums of money purchasing their company and brand names in all of the new top-level domains. ICANN plans to introduce hundreds of top-level domains — such as .nyc, .sport and .food — next year. Wary about this plan, U.S. corporations with large portfolios of domain names have asked ICANN for special protections for trademark owners to prevent cybersquatting and other deceptive practices such as phishing. The president of ICANN’s Intellectual Property Constituency and a partner with law firm Mitchell Silberberg & Knupp said the ICANN meeting in New York City focused on preventative measures that ICANN can put in place to prevent cybersquatters from registering trademark-protected names. “The meeting also included the malicious conduct issue,” the president said. “We believe the new TLDs will provide a lot of new opportunities for phishing, pharming and malware, and we are trying to minimize the risk.” Source:

35. July 16, KPTV 12 Portland – (Oregon) Turkish hacker hits Portland Web sites. A handful of Portland Web sites became the unsuspecting targets of Turkish hackers over the weekend of July 11. The home page of the Central Northeast Neighbors was replaced by a message claiming the site had been cracked by a Turkish hacker. Five other sites were also hit. The owner of the company that hosts and services the sites said the hacker simply erased the homepage and replaced it with his own. The owner keeps all the files and data on private servers. He hosts more than 30 sites, but only a handful were hacked. He said there is no way of knowing who is really responsible. “I suspect he’s in Turkey, (but) I don’t know where he is,” the owner said. “I think these people do this just to show he can do it.” A Google search on July 15 showed numerous sites claiming to be hacked. All sites were running as normal by July 15. Source:

Communications Sector

36. July 16, DarkReading – (International) Ireland’s largest ISP may be under attack. Ireland’s largest Internet service provider has been experiencing performance problems for more than a month, and some researchers believe it has become the victim of multiple DNS poisoning attacks. Users first began complaining of slow response times at the end of May, according to online bulletin boards. Some users also complained that their Web queries were being redirected to other sites. Many of those queries ended up at the same advertising site, which suggests a DNS compromise, according to a blog by a security researcher at Trend Micro. Complaints from Eircom users reportedly intensified at the beginning of July, and the week of July 6 the ISP issued a statement that confirmed the problem: “Customers may have recently experienced delays in web browsing and may have been unable to access the Internet,” the statement said. “In some cases, customers may have been redirected to incorrect Websites. This issue has been caused by an unusual and irregular volume of internet traffic being directed onto our network, and this impacted the systems and servers that provide access to the Internet for our customers. Eircom is working continuously to minimize the impact for customers and has taken a number of steps, including software updates and hardware interventions, to fully restore Internet service.” But the week of July 13, users again are reporting problems using the ISP’s services. In a second statement issued July 14, the ISP conceded that the problem may be a second attack. “While it is too early to confirm, Eircom believes that [this week’s performance issues are] related to an unprecedented volume of traffic deliberately directed at our network which has caused difficulties for customers over recent days,” the company says. Source:

37. July 16, Sacramento Bee – (California) Fire topples Sacramento radio tower. A two-alarm wild fire late on July 15 toppled a 250-feet radio tower along the American River Parkway, damaged a second one and threatened a third, fire officials said. The fire, near Commerce Circle and Lathrop Way in North Sacramento, was reported shortly before noon, according to a Sacramento Fire Department news release. No injuries were reported, fire officials said. The fire destroyed a small building that housed radio equipment at the base of the collapsed tower. ABC Radio, which broadcasts Radio Disney to the Sacramento area, owns the three towers. Fire investigators are looking into whether “something electrical” inside the building caused the fire, but have not yet determined a cause. Source:

38. July 15, Whitman & Hanson Express – (Massachusetts) Phone malfunctions cause issues in town. A malfunction in the Brockton Verizon building wreaked havoc with phones on July 14 in Whitman. At one point, one could not call out or receive a call on any line at the fire or police station. On July 14, firefighters discovered a problem with the 911 system; when a call was transferred from State Police, the line went dead. Luckily State Police still had the person on the line making the emergency call. Throughout the day, the issue became worse, knocking phones out to all the business lines at the fire station, police station, Town Hall and residential lines throughout the town. Residents were unable to call 911 for help, and their only way to notify the news office was via a fire alarm box on the street or their cell phone. “The issue with using cell phones is all 911 calls go to State Police in Framingham, who then transfer them down, and that’s the problem, the phones would not transfer either,” said the police chief. Verizon was at a loss for some time trying to figure out the problem. Phones were back on line and working by late July 14, 16 hours later. Source: