Department of Homeland Security Daily Open Source Infrastructure Report

Friday, December 18, 2009

Complete DHS Daily Report for December 18, 2009

Top Stories

 According to the Wall Street Journal, militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. (See item 26)

26. December 17, Wall Street Journal – (National) Insurgents hack U.S. drones. Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter. U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance. Source:

 The Thibodaux Daily Comet reports that inflatable levees went up, sandbags were filled, bayous spilled over their banks, and emergency workers used boats to rescue people from flooded homes Tuesday in parts of Terrebonne and Lafourche, Louisiana, where the parish president declared a state of emergency in response to the flooding. (See item 48)

48. December 16, Thibodaux Daily Comet – (Louisiana) Winter downpour drenches Terrebonne, Lafourche. Inflatable levees went up, sandbags were filled, bayous spilled over their banks, and emergency workers used boats to rescue people from flooded homes Tuesday in parts of Terrebonne and Lafourche, Louisiana. Sandbags and temporary levees were needed to hold back flooding in Lafourche after heavy rains drenched much of southeast Louisiana during what has already become the wettest December on record for the region. According to the National Weather Service, more flooding could be possible. Moderate rain is expected to continue Thursday and Friday, and though flash-flooding is not expected, already-high water levels could pose problems. In the Raceland community of Alidore, where local flooding was most severe, Lafourche sheriff’s deputies used boats and trucks to evacuate more than 60 people from streets where chest-deep water pushed its way into dozens of homes. The Sheriff’s Office estimated that nearly 200 homes in the neighborhood took on water, and some remained flooded today. Alidore was Thursday’s main focus for the Lafourche Office of Emergency Preparedness. The director of that office said Emergency Preparedness workers are also in north Lafourche’s Sixth Ward and Chackbay areas, where the water was close to overtopping the levees. Raceland received about 11.4 inches of rainfall during the 48 hours between Monday and Tuesday, according to Weather Underground. Raceland’s total rainfall for December stands at just under 11.8 inches. In Terrebonne, as floodwaters drained into a swollen Bayou Terrebonne, water overtopped banks between Schriever and Southland Mall in Houma and flooded yards, streets, and a few low-lying bayouside homes and businesses. Houma received about 5.2 inches of rain Monday and Tuesday. The city’s normal December total is 12 inches. The Lafourche Parish president declared a state of emergency Tuesday in response to the flooding. The emergency declaration allows the parish president to spend money on an emergency basis to fight the flooding without going through time-consuming public bidding and other laws. So far, more than 25,000 sandbags as well as 2,000 feet of inflatable levees have been used to try to stem flooding in Lafourche. Source:


Banking and Finance Sector

6. December 17, Associated Press – (National) Citigroup to suspend foreclosures for 30 days. Citigroup Inc. will suspend foreclosures and evictions for 30 days in a temporary break for about 4,000 borrowers during the holiday season. The New York-based bank said on December 17 the suspension will run from December 18 through January 17. It applies only to borrowers whose loans are owned by Citi. Borrowers who make payments to Citi but whose loans are owned by other investors are out of luck. “We want our borrowers to have a much less stressful time, to spend their time with their families during the holidays as opposed to worrying about their homes,” the head of the company’s mortgage division said in an interview. The suspension means Citi will halt foreclosure sales and stop evicting homeowners from properties it has already seized. The company projects it will help 2,000 homeowners with scheduled foreclosure sales and another 2,000 that were due to receive foreclosure notices. The head of the mortgage division also said the company is working on “some long-term fundamental alternatives” to foreclosure, but declined to be specific. “We know that moratoriums are not permanent solutions,” he said. Source:

7. December 17, Washington Post – (National) SEC tightens rules on investment advisers, corporate transparency. The Securities and Exchange Commission on December 16 put in place two new policies aimed at avoiding a repeat of the largest Ponzi scheme in history and addressing concerns that excessive compensation and ineffective oversight by corporate boards fueled the financial crisis. The first measure, passed unanimously by the commission, requires new oversight, including outside audits, of financial advisers. Some advise clients about where to invest their assets and also control those assets. The rules seek to ensure that clients’ assets are where advisers say they are. The second measure, which passed over the objection of one of the agency’s five commissioners, requires that companies disclose more information about how they pay employees — in particular, in ways that could create incentives for risk-taking — and the qualifications of people who sit on corporate boards. The measure is a response to criticism that boards, particularly at Wall Street firms, allowed executives to make unseemly bets, netting short-term profit but putting the firms at risk in the long run. The new policies, which were proposed earlier this year, are the first to be made official under the SEC chairman. A bevy of other high-profile proposals — including new restrictions on short selling and new powers for shareholders to nominate directors — have been long delayed. SEC officials expect to finalize a rush of proposals early next year. Source:

8. December 16, KOSA 7 Odessa – (Texas) Bomb threat at Big Spring Bank. State National Bank in Big Spring, Texas was evacuated around 9 am after someone phoned in a bomb threat. Bank employees and construction workers outside were moved across the street as a precaution. Neighboring streets were also blocked off. Police swept the building for about an hour. No bomb was found and everything returned to normal a little after 10 am. Source:

9. December 16, Central Valley Business Times – (California) FDIC warns of counterfeit checks. The Federal Deposit Insurance Corporation says counterfeit expense checks bearing the name GBC International Bank, Los Angeles are in circulation. The counterfeit items display the routing number 122235902, which is assigned to GBC International Bank. The fake checks have ornate borders on all sides with a security feature statement embedded within the top border, the FDIC says. The words “PAY TO THE ORDER OF” are in the lower-left corner. Authentic checks, however, have blue top and side borders and the word “PAYEE” is displayed on the left side. Source:

10. December 16, Associated Press – (Colorado) 3 indicted in Colo. affordable housing investment scheme involving $31 million. A federal grand jury has indicted three people on charges of conspiracy and fraud over an alleged investment scheme involving millions of dollars. The U.S. Attorney’s Office said on December 16 that the owners and operators of Valley Investments in Grand Junction did not deliver on a promise of returns as high as 18 percent for investing in their business of developing subdivisions with manufactured and mobile homes. Indicted were the company owners and an employee. Prosecutors say the three solicited about $31 million from as many as 400 investors, knowing their business was not generating enough profits. Prosecutors say the suspects used money from new investors to pay existing investors. Source:,0,1602062.story

11. December 16, The Hill – (National) Accounting rule impact delayed. Financial and real estate interests won a small delay in the regulatory impact of a new accounting rule that takes effect at the beginning of next year. The Federal Deposit Insurance Corporation (FDIC) said recently that banks would have up to one year to implement new capital requirements resulting from the accounting rule change. The move is only a partial victory for banks and other financial interests that have sought to delay the regulatory impact for up to several years. At issue is a rule banning financial entities that banks used to shift risk away from their bottom lines. The special financial vehicles were off-balance-sheet and helped fuel the boom in securities based on residential, student, commercial and other types of loans. As the housing market foundered under the weight of bad loans, those securities became troubled assets. Banks benefited before the crisis by not having to maintain more capital to offset the risk. Private estimates have suggested that as much as $1 trillion in assets would need to be moved onto bank balance sheets, requiring banks to raise tens of billions of dollars in new capital. Source:

Information Technology

31. December 17, The Register – (International) Conficker jams up developing interwebs. The infamous Conficker worm has disproportionally affected computer systems in the developing world, according to new research. Despite high-profile infections at the United Kingdom’s Ministry of Defence and a series of British hospitals, to cite just a few examples, Conficker has proportionally affected systems in Africa and South America far more. Developing nations have become “malware ghettos”, stats from Shadowserver suggest. Shadowserver is part of the Conficker Working Group, an alliance of security vendors and ISPs that have banded together to fight the malware, which estimates six million Windows PCs are infected. This vast cybercrime resource has remained dormant throughout 2009, after first appearing in October 2008. Some security watchers believe that the hackers who created the malware were successful beyond their wildest dreams and have held off doing anything with the uber-botnet lest it bring unwelcome attention. Trend Micro, however, reckons the botnet established by Conficker has already been used to push rogue security software, an interesting theory that remains unproven. Source:

32. December 17, The Register – (International) China cages game Trojan hackers. Chinese authorities have sentenced 11 members of a malware gang to long stretches behind bars, after the group was convicted of creating and distributing Trojans designed to steal the login credentials of online gamers. The malware distributors were sentenced to up to three years behind bars and fined a total of $120,000. More prosecutions are pending against other alleged gang members, IDG reports. The group are collectively blamed for stealing login information from five million gaming profiles and selling them via the digital underground, making a cool 30 million yuan ($4.4 million) in the process. The group allegedly made their illicit income by selling game artifacts (such as gold coins) associated with compromised accounts. Source:

33. December 16, DarkReading – (International) Botnet operators infecting servers, not just PCs. Botnet operators have always been able to easily infect and convert PCs into bots, but they also are increasingly going after servers — even building networks of compromised servers. Web servers, FTP servers, and even SSL servers are becoming prime targets for botnet operators, not as command and control servers or as pure zombies, but more as a place to host their malicious code and files, or in some cases to execute high-powered spam runs. “FTP servers are a hot commodity in the underground. They are regularly used by drive-by download malware as well as a downloading component for regular bots,” says the chief research officer at F-Secure. “Another thing we’ve noticed is the use of SSL servers. Sites with a valid SSL certificate get hacked and are used by drive-by-downloads.” Why SSL servers? “If a drive-by download gets the malware file through an HTTPS connection, proxy and gateway scanners won’t be able to scan for the malware in transit, making it easier to sneak in,” he explains. Shadowserver, a nonprofit that tracks botnet activity, has seen botnets building their own networks of compromised servers as sort of sub-botnets for the botnet’s use. “Now we’re starting to see a botnet of servers ... What’s interesting is we’re finding these networks of connected servers are under a certain person’s control,” says the director of Shadowserver. Source:

34. December 16, CNET News – (International) Firefox 3.5.6 patches critical security holes. Mozilla has updated its Firefox browser to patch three critical security holes. Firefox 3.5.6 and 3.0.16 both suffered from memory corruption issues. “We presume that with enough effort at least some of these could be exploited to run arbitrary code,” the security advisory said. In addition, Firefox 3.5.6 had two critical vulnerabilities in its technology for playing Ogg-format media, one with the liboggplay media library and one with the libtheora video library. The patches are among 62 fixes in the new Firefox, software that’s translated into dozens of languages and runs on multiple operating systems. Users of the OS/2 operating system will be delighted to know that problems with Firefox’s full-screen mode and with print preview have been resolved. Source:

For another story, see item 40 below in the Communications Sector

Communications Sector

35. December 17, Now Public News – (International) BlackBerry email service down in North & South America. BlackBerry email service is down in North and South America. According to Research in Motion, the Canadian-based company that operates the BlackBerry network, this outage affects private users, but not corporate users. The outage began around 3:15am EST. Source:

36. December 17, Anchorage Daily News – (Alaska) AT&T reports widespread cell phone outages. AT&T’s cell phone network went down about midday Wednesday and left customers across the state without service for much of the day. Voice and text services for many Alaska customers had not been restored as of 9 p.m., though customers with the newer 3G service from AT&T reported that their cell phones still worked. It was not known specifically why service went out or even when it would be restored. AT&T officials in Alaska would not comment on the situation, instead directing questions to a public relations firm in California. A local AT&T spokeswoman said the company’s wireless business in Alaska is managed outside. “A commercial power outage caused a hardware issue that is affecting 2G service in parts of Alaska,” said a spokesperson with public-relations firm Fleishman-Hillard in San Francisco, which handles PR for AT&T. “It is unknown whether this was due to the weather conditions.” Source:

37. December 17, KTVU 2 San Francisco – (California) Pacifica cell-phone service outage stretches into fifth day. For the past five days, an AT&T equipment problem has left half of the coastal town of Pacifica without cell phone service. The outage has been affecting the Linda Mar area in the southern end of Pacifica. Cell-phone service has evolved over the past 20 years. The outage has made some local residents wonder what they did before cell phones became commonplace. Many are getting angry with AT&T at the lack of a fix. Out in the neighborhoods, most people have their house phones. But some have given up their land lines and strictly use their cell service. AT&T said the problem is an antenna at the top of Montara Mountain that has been damaged. The recent storms have made the road too muddy to safely bring in repair crews. Source:

38. December 17, CNET News – (National) Biden unveils $2 billion in broadband grants. The Vice President will announce Thursday $2 billion in grants that will be used to build broadband networks in underserved communities. The funding, which is part of the $7.2 billion that was set aside for broadband in the President’s $787 billion economic recovery deal earlier this year, will start with an initial $182 million investment in 18 broadband projects in 17 states. The Vice President is announcing the stimulus grants, which are part of the Administration’s overall plan to stimulate the economy and create jobs. The money is specifically meant to expand affordable broadband access to underserved areas of the U.S. Officials would not name which companies will be getting the grants that were announced on Thursday. Source:

39. December 16, ChannelWeb – (National) AT&T faces potential ‘Operation Chokehold’ traffic flood. iPhone subscribers are planning to flood the carrier’s data network with data traffic this Friday, but solution providers do not expect the effort to have much impact beyond annoying legitimate users. Earlier this week a journalist unveiled “Operation Chokehold”, a mock campaign to overwhelm AT&T’s data network by getting legions of iPhone subscribers to simultaneously switch on bandwidth-eating apps this Friday afternoon. The idea is to publicly shame AT&T for its spotty service coverage and general whininess over iPhone users’ bandwidth consumption. Last week, smoldering subscriber discontent over AT&T’s service quality morphed into full-fledged anger after an executive hinted that AT&T may switch to tiered wireless data pricing or impose bandwidth caps. So while Operation Chokehold was apparently intended to be a joke, it is likely that many frustrated iPhone subscribers will carry out the orders. But wireless experts are not sure if this will actually lead to a denial of service situation on AT&T’s data network. Operation Chokehold will likely be felt most acutely by iPhone users in Manhattan and San Francisco, two areas where AT&T has acknowledged having problems with 3G service due to exceptionally high iPhone ownership. It is unclear if the flooding of AT&T’s 3G network could have a spillover effect on its voice network, but that scenario obviously has serious implications given the large number of people that could be affected. Source:;jsessionid=JMKSN5SGGQ21XQE1GHOSKH4ATMY32JVN

40. December 15, Information Week – (Virginia) Amazon IDs cause of data center outage. Amazon Web Services has attributed a 44-minute outage in part of its Northern Virginia data center last week to the failure of power supply in one “availability zone” in the data center, which was soon followed by a second failure of a component in the redundant system. Users of the Amazon EC2 cloud with workloads in Amazon’s Northern Virginia data center experienced problems early in the morning of December 9, with some operations in a part of the data center interrupted during a five-hour period. The postings first mentioned a connectivity issue, then acknowledged a power issue. In following up on the postings, InformationWeek asked Amazon whether the power issue was inside the data center or an issue with an external supplier. Amazon spokesmen responded that “a single component of the redundant power distribution system failed in this zone. Prior to completing the repair of this unit, a second component, used to assure redundant power paths, failed as well, resulting in a portion of the servers in that availability zone losing power.” Source: