Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, September 22, 2009

Complete DHS Daily Report for September 22, 2009

Daily Report

Top Stories

 The Washington Post reports that many state and local governments are not adequately prepared to deal with a surge of patients in a flu pandemic or quickly distribute vaccine and antiviral drugs, according to two reports by federal investigators released on Monday. (See item 30)

30. September 21, Washington Post – (National) Reports criticize pandemic planning. Many state and local governments are not adequately prepared to deal with a surge of patients in a flu pandemic or quickly distribute vaccine and antiviral drugs, according to two reports by federal investigators being released on Monday. An analysis of preparations by five states and 10 municipalities around the country found that many had failed to take steps crucial during a pandemic, such as recruiting health-care workers to volunteer, creating systems to track hospital beds and medical equipment, and determining how to manage a patient load that exceeds what emergency rooms are able to handle. “Our review found that although the selected states and localities are making progress within the five components of medical surge that we reviewed, more needs to be done to improve states’ and localities’ ability to respond to a pandemic,” investigators from the Department of Health and Human Services’ Office of Inspector General concluded in one report. The findings come as federal, state and local officials are preparing for a second wave of swine flu infections. The second report, which focused on vaccine and antiviral-drug distribution, similarly found that communities must do more to be able to respond adequately to a pandemic. A Centers for Disease Control and Prevention spokesman said that “CDC agrees that while states, overall, are doing well with antiviral drug distribution and development of vaccination plans, local pandemic preparedness can and should be improved.” The CDC on Friday gave details of the vaccination distribution, which will originate at four regional warehouses next month. The deliveries will be distributed among 90,000 immunization providers, including health departments, hospitals, doctors’ offices, and pharmacies. Source:

 According to the New York Daily News, FBI agents in Denver on Saturday arrested the reputed Al Qaeda terror cell operative, who researched baseball stadiums on a personal computer that also held interior maps of several New York venues, sources told the Daily News. (See item 45)

45. September 20, New York Daily News – (National) Reputed Al Qaeda terror cell operative Najibullah Zazi arrested by FBI. Federal Bureau of Investigation (FBI) agents on Saturday night arrested a reputed Al Qaeda terror cell operative who researched baseball stadiums on a personal computer that also held interior maps of several New York venues, sources told the Daily News. The suspected mastermind and his father were handcuffed as authorities raided the father’s suburban Denver home, television broadcasts showed. The FBI also arrested a Flushing, New York man. “The arrests carried out tonight are part of an ongoing and fast-paced investigation. It is important to note that we have no specific information regarding the timing, location or target of any planned attack. As always, however, the American people should remain vigilant and report any suspicious activities to their local authorities,” said the Assistant Attorney General for National Security. One suspect in the probe — that now reaches from New York to Colorado and overseas — told investigators that the mastermind was expected to decide when the cell would launch their attack, a law enforcement source said. ABC News reported he also had used his computer to research football stadiums and sites where recent Fashion Week events were held in Manhattan. He also had a cell phone video of Grand Central Terminal, sources said. Although the type of terror plot remained unclear, the FBI had e-mail and audiotaped conversations between the man and others — talking in code — saying their plans were steadily moving ahead, sources said. None of the potential stadium sites was identified by name, although both New York and Denver — the two cities at the heart of the investigation — host multiple professional sports stadiums. Source:


Banking and Finance Sector

13. September 21, Computerworld – (National) Heartland CEO: More card encryption needed. The top executive at Heartland Payment Systems Inc. last week called on credit card vendors, payment processors, and retailers to embrace an encryption standard that would protect credit and debit card numbers. Heartland’s chairman and CEO told the U.S. Senate Homeland Security and Governmental Affairs Committee that industry guidelines today do not require encryption of credit card numbers during transit between retailers, payment processors, and card issuers. Earlier this year, Princeton, New Jersey-based Heartland disclosed that a breach there exposed data stored on tens of millions of credit cards to a gang of hackers. Heartland’s CEO said that Heartland is deploying tamper-resistant point-of-sale terminals at its member retailers. “I believe it is critical to implement new technology, not just at Heartland, but industrywide,” he added. The Senate hearing was held in part to determine whether new legislation is needed to fight cybercrime. Source:

14. September 19, Phoenix Business Journal – (Arizona) FDIC seizes Irwin Union Bank. Irwin Union Bank F.S.B., which operates a branch in Mesa and Phoenix, was shut down by the Office of Thrift Supervision. The Federal Deposit Insurance Corp. was named receiver. First Financial Bank, based in Hamilton, Ohio, assumed all deposit accounts and those will be available immediately, the FDIC said in an announcement released late Friday. Bank failures typically have been announced in this manner, as the FDIC has sought to minimize the publicity of failed financial institutions under its watch. The two Valley locations will reopen Monday as branches of First Financial Bank and assume normal business hours. Earlier Friday, the Phoenix Business Journal reported that Irwin Union Bank F.S.B. was in serious jeopardy of being closed by federal regulators because of its plummeting capital level and its portfolio of soured loans. On Wednesday, the community bank’s parent, Irwin Financial Corp., entered a “cease-and-desist” agreement with the Federal Reserve System and the Indiana Department of Financial Institutions. Source:

15. September 18, Nisqually Valley News – (Washington) Feds seize Venture Bank. Venture Bank closed 5 p.m. Friday and was taken over by the Federal Deposit Insurance Corporation and a North Carolina-based bank. “We believe all value in the shares of the parent company, Venture Financial Group, has been irretrievably lost,” said the Venture Chairman in a September 12 letter to its shareholders. “The corporation is insolvent and is unable to file financial reports for the fiscal years 2008 and 2009.” The Washington Department of Financial Institutions closed the bank, citing “inadequate capital and severe loan losses.” Source:

16. April 2, United Press International – (Florida) Man pleads guilty to stock fraud. A Florida lawyer admitted Thursday to federal mail and wire fraud charges for participating in a scam that cheated investors out of millions of dollars. He faces up to 25 years in prison when he is sentenced in December. The defendant and two others created KL Group, an investment firm. But investigators said the company was an elaborate sham housed in an expensive office with an ocean view in Atlantic Beach, Florida. The three co-conspirators even paid stock traders to stay on the phone looking busy — and making money-losing trades — to give the firm the look of success, prosecutors said. The firm received $194 million from investors between 2000 and 2005 and lost at least $63 million, while putting out statements that claimed it was making lots of money. Source:

Information Technology

40. September 21, The Register – (International) Facebook app flaws create Trojan download risk. “Unu,” a Romanian hacker, has discovered cross-site scripting vulnerabilities involving Facebook applications, of a type that might be used to distribute Trojan horse malware or launch other hacking attacks. The hacker — well known for identifying security flaws in the websites of banks, security firms and the UK parliament — has turned his attention to the social networking site, discovering a series of flaws in applications. Unu has posted screenshots illustrating the flaws he has identified in five apps developed by Newscloud, alongside an advisory that explains the possible ramifications of the flaws. A variety of attacks are possible — including uploading phpshells, redirects, or infecting pages with Trojan droppers — because the vulnerable applications expose a writeable directory to attack, the hacker explains. All five apps were developed by a former project engineer at Microsoft who works for Newscloud. Unu said he was not targeting Newscloud in particular, rather simply illustrating a more general problem with Facebook app security. Source:

41. September 20, Computerworld – (International) Microsoft unveils shield for critical Windows flaw as attack code looms. With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component. The bug in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, affects Windows Vista, Windows Server 2008 and preview releases of Windows 7. When the flaw was first disclosed September 7, it was thought that attacks would only crash PCs, causing the notorious Blue Screen of Death. Since then, however, researchers have figured out how to create exploits that can be used to hijack a vulnerable computer. Last Wednesday, Miami Beach-based Immunity, which is best known for its CANVAS penetration testing framework, built a working remote code exploit, and released it to paying subscribers of its Early Updates program. On Friday, Microsoft confirmed that Immunity’s exploit worked as advertised. More worrisome, however, was news that the open-source Metasploit pen-testing software will add attack code this week, according to a noted security researcher and one of Metasploit’s makers. Metasploit’s exploit code is often used by hackers to build malicious attacks. Microsoft has not yet set a timetable for a patch, but said it is working on a fix. Until a patch is ready, Microsoft recommended that users run the automated “Fix it” tool posted Friday on its support site. The tool automatically disables the SMB 2 service, rendering any attack moot. That, however, also makes it impossible for PCs to communicate to file servers and network printers using the protocol. Source:

42. September 18, Network World – (National) Web site fixed after malware attack. Public Broadcasting System (PBS) says it has fixed the malware problem that compromised the Web site this week after an attacker exploited a site vulnerability in an effort to run a malware scam against visitors. A spokesman declined to provide much detail, but he says PBS became aware of the introduction of a rogue authentication screen on the Web site and took steps to eliminate it and fix the Web site. According to Purewire, which noticed the problem and reported it to PBS, the rogue authentication screen on the site worked by trying to break into a visitor’s desktop computer by exploiting a variety of software vulnerabilities in Adobe and other applications that might be on the victim’s desktop. Source:

43. September 18, The Register – (International) Brute-force attacks target two-year hole in Yahoo! Mail. Scammers are exploiting a two-year-old security hole in Yahoo’s network that gives them unlimited opportunities to guess login credentials for Yahoo Mail accounts, a researcher said. The vulnerability resides in a web application that automates the process of logging in to the widely used webmail service. Because it fails to carry out a variety of security checks followed by the login page Yahoo! Mail users typically use, it’s providing criminals with a backdoor through which user accounts can be breached, said the director of application security research at Breach Security. Over the past seven weeks, a sensor deployed by WASC, or the Web Application Security Consortium, has detected “a few thousand” or more attempts to use the unprotected web application to carry out brute-force attacks on user passwords. Because the sensor is installed on just one of a massive number of open proxies, the honeypot is likely detecting only a small fraction of the overall activity. Source:

Communications Sector

44. September 17, TechFlash – (Washington) Fisher Plaza forensic report cites failure of insulation in bus duct. A forensic report on this summer’s power outage at Seattle’s Fisher Plaza technology complex cites a failure of insulation inside a bus duct — a metal housing that contains thick strips for conducting electricity — as the likely cause of the incident that took dozens of Web sites offline for as much as a day or more. The report by Power Science Engineering Inc. of Shoreline recommends steps including routine maintenance and monitoring of the electrical equipment to prevent such incidents in the future. However, Fisher Plaza officials say they conducted regular maintenance of the area — including infrared and thermal scans and physical inspection of the equipment — inside the facility. Fisher Plaza officials distributed the report to tenants of the facility along with a memo referring to the incident as a “significant heat event,” without explicitly characterizing it as a fire. The facility has been shifting away from generator power, back to electricity supplied by Seattle City Light, according to the memo. It notes that the facility is expected to be back to “normal operating status” by November 1. The incident in early July at Fisher Plaza East exposed a big gamble that many tech companies take by limiting themselves to a single location when setting up their online infrastructure. Sites including Microsoft Bing Travel and many others were taken offline as a result of the outage. Although it doesn’t appear that separating the two would have prevented the incident, the report notes that damage and impact could have been reduced if the bus ducts weren’t positioned next to one another. Source: See also: