Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, August 19, 2009

Top Stories

 According to the Register Pajaronian, authorities lifted a mandatory evacuation on Monday for about 2,200 residents living in the area affected by the Lockheed Fire, which started near a Lockheed Martin facility in Santa Cruz County, California. (See item 13)

13. August 18, Register Pajaronian – (California) Firefighters gain ground on Lockheed Fire. Authorities lifted a mandatory evacuation on August 17 for about 2,200 residents living in the area affected by the Lockheed Fire, while others are still waiting to go home. The fire was about 80 percent contained after burning more than 7,000 acres over an 11-square-mile area. Fire officials predicted they would have full containment by August 20. Five injuries were reported, and no homes had been damaged, although about six were reported threatened on Warnella Road. Two outbuildings had been damaged and one had been destroyed. A damage inspection team was evaluating power and water systems to determine whether the area is safe for other residents to return. Some roads in the area — including Warnella Truck Trail at Cement Plant Road, Highway 1 at upper and lower Swanton Road and Blodgetts Road at Empire Grade at the top end — remained closed, though residents with identification were being allowed in. Crews were unable to fight the blaze by air on August 16 because of heavy smoke, but more than 2,100 firefighters made progress on the ground along the western and southern ends of the fire, said a state fire department engineer. So far, it has cost $12 million to fight the fire. Source:

 WCVB 5 Boston reports that the operator of a heavily trafficked drawbridge linking Boston and Chelsea, Massachusetts was taken into protective custody on August 15 after he failed to raise the bridge for an approaching ship and police found him allegedly intoxicated at his post. (See item 18)

18. August 17, WCVB 5 Boston – (Massachusetts) Police: Bridge operator found intoxicated. The operator of a heavily trafficked drawbridge linking Boston and Chelsea, Massachusetts, was taken into protective custody August 15 after he failed to raise the bridge for an approaching ship and police found him allegedly intoxicated at his post, Chelsea police said. Officers were dispatched to the Andrew P. McArdle Bridge at about 4 p.m. on August 15 when a tugboat trying to pass underneath the structure notified police that it was unable to make contact with the drawbridge operator, according to the Chelsea Police Chief. Officers traveled to the bridge for a well-being check and found the operator, “in a state of intoxication,” at his monitoring station. The operator, who is an employee of the Boston Department of Public Works, was taken into protective custody and replaced by another bridge operator. A worker at the nearby Fitzgerald Shipyard said tankers frequently pass under the bridge to reach the fueling stations. The worker who said he witnessed the incident on August 15 estimated that about 20 ships pass underneath the bridge each day. Source:


Banking and Finance Sector

14. August 18, Minneapolis Star Tribune – (Minnesota) Investors turn attention to stressed banks in Minnesota. Minnesota’s strapped community banks have been turning to their existing shareholders to pony up more money to weather the economic maelstrom, a sort of pass-the-hat strategy, as one industry player said. But now outside investors, including wealthy individuals, private equity firms and investment groups, are buying in. The nascent interest in local banks comes after national mega-deals to rescue insolvent banks earlier this year. Private equity groups bought Miami’s BankUnited Financial Corp. in May, and Pasadena, Calif.-based IndyMac Bancorp in January, after the Federal Deposit Insurance Corp. (FDIC), struggling with a wave of bank failures, opened the door last fall for nonbank buyers to bid for the failed banks. Two Minnesota banks have failed since the current banking crisis: First Integrity in Staples and Horizon Bank in Pine City. Other banks purchased both. That pattern may soon change. Private investors view the bank industry as undervalued now. The head of Minneapolis-based Fredrikson and Byron said she’s handling a half-dozen equity deals where outside private investors — not existing bank shareholders — are taking minority or controlling stakes in local community banks and, in at least one deal, are planning to buy the bank outright. She will not name names, but she said the deals range from $200,000 to $25 million and involve local and out-of-town investors. Source:

Information Technology

37. August 17, CNN – (International) Study warns of cyberwarfare during military conflicts. An independent research group predicts that cyberwarfare will accompany future military conflicts and is recommending international action to blunt its impact. Computers can become victims in future military conflicts, says the nonprofit U.S. Cyber Consequences Unit, which studied the cybertactics used against the country of Georgia during its military conflict with Russia last year. Cyberattacks in August 2008 shut down the Web sites of crucial Georgian government agencies, the media, and banks. “The Russians have developed a model here that is very effective,” said the director of US-CCU. “We can expect to see the Russians use it in the future, and other countries as well.” Because of the sensitive nature of much of the information, the full 100-page report is being released only to U.S. government officials and selected cybersecurity professionals. CNN was provided a nine-page summary. The study concludes that the cyberattacks against Georgian targets were carried out by civilians, many of them recruited via social networking forums devoted to dating, hobbies, and politics. “There was a large-scale collaboration on these forums,” said the US-CCU’s chief technical officer. “They were used to recruit potential actors to launch attacks, to collaborate on what types of attacks worked and what types of attacks didn’t work. They were used to collaborate on how to bypass security controls and share attack codes.” As a result, the technical officer said, Russian sympathizers who were not hackers, and who didn’t even know much about computers, could participate. The hackers did not carry out physically destructive cyberattacks, although they probably had the technical expertise to do so, suggesting that “someone on the Russian side was exercising considerable restraint,” the report says. 
The report also notes that media and communications facilities, which might have been attacked by missiles and bombs in a conventional war, were spared “presumably because they were being effectively shut down by cyberattacks.” Source:

38. August 17, Softpedia – (International) Two Facebook phishing attacks in one day. Facebook was the target of two independent, unrelated phishing attacks through its applications service. Two security experts discovered, investigated and reported these attacks to the social network’s admins, who took all the protective measures. The first one was an application called Customer Dispute. The application link did not open an actual app page, but managed to clone a Facebook URL ( ). Instead of the standard application install screen, it printed a “404 – Page not found” error. The detail that triggered the expert’s interest was the fact that the error came not from Facebook, but from a hosting company called Ripway. A researcher had this to say about Ripway: “The entire content is taken up by a ‘Page not found’ message served up by Ripway hosting (who are often used and abused by script kiddies with phish pages and rogue executable storage).” The second attack involved another Facebook application. The app sent out countless notifications informing users of a comment on one of their posts that they needed to check out. The link (when hovering the mouse over it) redirected to a page from the domain name that contained some info-stealing content. According to a second researcher, “The server at loads up a JavaScript before immediately using HTTP meta refresh tags to pull up the real Facebook website and prompting the victim for their login credentials.” He also added, “The attack site is registered to an Arsen Tumanyan who allegedly resides in Armenia, the domain is registered through GoDaddy and the URL leads to an IP address that resolves to the

For another story, see item 39, below

Communications Sector

39. August 18, IDG News Service – (National) Motorola boosts wireless network security. Motorola said on August 18 it is adding vulnerability assessment to its wireless intrusion-prevention system (IPS) device so that organizations can scan for security holes in Wi-Fi and wireline networks. AirDefense Wireless Vulnerability Assessment, expected to ship next month as a software module for Motorola’s wireless IPS sensor, will be able to emulate a laptop to validate the security posture of the customer’s environment. “If someone can get into your wireless network, this would show how far they could get,” said the product manager. AirDefense wireless security sensors are often mounted high within retail stores. Typically, two or three sensors would be required to cover a 100,000 sq. ft. area, depending on obstacles such as thick walls that could limit wireless coverage, the product manager notes. Sensors are managed via an appliance. The new vulnerability assessment capability is intended to address requirements in the PCI Security Standards Council’s Data Security Standard 1.2 as well as the more recent wireless security guideline on protection of payment cards, which was issued in July. Source:

40. August 17, Redding Record-Searchlight – (California) Charter Internet suffers rolling outages. Local Charter Media Internet subscribers on August 17 have been subjected to disconnections and slow speeds due to an outage that has been “rolling from area to area.” A Charter spokeswoman in Redding said company troubleshooters were notified of the problem around 10:30 a.m. She said the problem has spread through Northern and Southern California and a few other states. She did not know how many customers were affected. “We don’t know the cause, other than it’s with our third-party vendor,” she said. “Call centers have all been alerted to this, and hopefully information is getting back to customers on a timely basis.” Source:

41. August 15, Minnesota Public Radio – (Minnesota) Minnesota Public Radio stations in Moorhead and Appleton sustain damage. Minnesota Public Radio’s transmitters in Moorhead (KCCM) and Appleton (KRSU) have sustained storm damage. Listeners in these areas may experience problems. In Moorhead, classical music station 91.1 KCCM is off the air until damage has been repaired. In Appleton, classical music station 91.3 KRSU is operating at lower power until damage has been repaired, so some listeners may not be able to pick up the signal. MPR’s engineers are working quickly to resolve the issue. Source:

For another story, see item 37