Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, December 29, 2009

Complete DHS Daily Report for December 29, 2009

Daily Report

Top Stories

 Bloomberg reports that a suspected terrorist tried to blow up a Detroit-bound transatlantic flight on December 25 with 278 passengers before he was subdued. A congressman said the incident on Northwest Airlines flight 253 from Amsterdam’s Schiphol airport appears to be al-Qaeda related. (See item 20)


20. December 26, Bloomberg – (International) Suspected terrorist tried to blow up plane, U.S. says. A suspected terrorist tried to blow up a Detroit-bound transatlantic flight December 25 with 278 passengers before he was subdued, U.S. officials said. The passenger was attempting to destroy the plane with an explosive device, said a member of the U.S. House of Representatives Committee on Homeland Security. White House officials said the President is treating the incident as an attempted terrorist attack. The incident on Northwest Airlines flight 253 from Amsterdam’s Schiphol airport “definitely appears to be al-Qaeda related,” the congressman said in an interview. “This was not a firecracker. This was for real.” The President called for “all appropriate measures to be taken to increase security” after the suspected attack, the White House said in a statement. The Department of Homeland Security said passengers may notice additional screening at airports. The suspect, who was taken into custody in Detroit, told authorities that the device was acquired in Yemen along with instructions on when it was to be used, CNN reported, citing a federal security bulletin. The passenger was taken to a hospital to be treated for burns, the cable news network said. The fire from the explosion was large enough to require a fire extinguisher, CNN said, citing interviews with passengers. The Federal Bureau of Investigation in Detroit is leading the probe, said a spokeswoman. A spokeswoman for Northwest parent Delta Air Lines said earlier that the suspect had firecrackers. The suspect told authorities that he used a syringe to mix chemicals with explosive powder taped to his leg, the New York Times reported, citing an unidentified U.S. official. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=aof8BeGXmBQc&pos=8


 According to the Associated Press, a levee break near the Pulaski-Saline, Arkansas county line has flooded a nearby community and cut off access to at least three houses. The break occurred Saturday evening. (See item 42)


42. December 28, Associated Press – (Arkansas) Levee break after heavy rain strands residents. A levee break near the Pulaski-Saline county line has flooded a nearby community and cut off access to at least three houses. The break at a pond levee occurred Saturday evening and crews came to the area Sunday to assess damage. Local fire officials say they think the levee broke because about 10 inches of rain fell in the area during the past few days. No injuries have been reported but trees and power poles were knocked down. The West Pulaski fire chief says other levees in the area remain intact but likely will need to be checked. One homeowner said there is now no way to drive to or from his home and that either another road will have to be built or the current road will have to be repaired. Source: http://www.wxvt.com/Global/story.asp?S=11736450


Details

Banking and Finance Sector

12. December 27, Reuters – (International) Makeshift bomb damages insurance building in Athens. A makeshift bomb went off late on December 27 outside the offices of National Insurance company in central Athens, Greece causing damage to the building and nearby cars but no injuries, police said. “There was a warning phone call to a newspaper about 15 minutes before the explosion but no claim of responsibility,” a police official said. Police said the explosive device was placed near the entrance of the insurance company’s building, located near the Ledra Marriott hotel. The company is a subsidiary of National Bank, the country’s biggest lender. The incident is the latest in a series of gas canister and bomb attacks by leftist and anarchist groups that have rocked Greece since the police shooting of a teenager sparked the country’s worst riots in decades in December 2008. Source: http://www.reuters.com/article/idUSLDE5BQ0DC20091227


13. December 26, KTRK 13 Houston – (Texas) Robber holds up Crosby bank with fake bomb. A robber used a fake bomb to hold up a bank in Crosby on December 26. The Harris County Sheriff’s Office says the man pulled up to a drive-through window at the United Community Credit Union on Crosby-Lynchburg on December 26 and handed the teller a package with a note demanding money. She gave him the money and called police. The bomb squad secured the bank and sent a robot to retrieve the device, which turned out to be fake. “I believe it was a homemade hoax bomb,” said a police sergeant with the Harris County Sheriff’s Office. “It does not appear to have been a real device, but it was constructed well. It looked like a real device. And the teller was smart. She didn’t touch it.” The robber got away in a white Impala. Source: http://abclocal.go.com/ktrk/story?section=news/local&id=7189185


14. December 24, Jacksonville.com – (Florida) People’s First bank closes, local branches now part of Hancock. All 29 branches of People’s First Community Bank — three of which are located in or near St. Johns County — closed recently and have since reopened as branches of 110-year-old Hancock Bank. The Federal Deposit Insurance Corporation, overseeing the take-over, said the cost to U.S. taxpayers will be an estimated $556.7 million. That is because the deal includes a loss-sharing agreement in which the FDIC covers all acquired loans and will reimburse 80 percent of losses up to $385 million and 95 percent of losses beyond $385 million. “Hancock Bank’s acquisition of all deposits was the ‘least costly’ resolution for FDIC’s Deposit Insurance Fund compared to all alternatives,” an FDIC release said in explanation. Hancock now owns People’s First branches in the Panhandle and Central Florida, including Pensacola, Panama City, Jacksonville and Orlando. Source: http://jacksonville.com/community/my_st_johns_sun/2009-12-26/story/peoples_first_bank_closes_local_branches_now_part_of_hanc


15. December 24, United Press International – (National) Treasury pledges aid to Fannie and Freddie. The U.S. Treasury Department announced on December 24 it will give Fannie Mae and Freddie Mac as much support as they need to remain solvent. The Christmas Eve announcement was made as the two mortgage giants revealed that 12 top executives will receive $42 million in compensation this year, the Washington Post reported. The chief executive officers will get $6 million each. The Treasury’s move means Fannie Mae and Freddie Mac can get federal assistance exceeding the current $400 billion cap. They have already received $111 billion. It also means they may remain federal agencies in practice for the next three years. Officials said the announcement “should leave no uncertainty about the Treasury’s commitment to support these firms as they continue to play a vital role in the housing market during this current crisis.” They said it did not necessarily mean they will actually receive more than $400 billion. Source: http://www.upi.com/Top_News/US/2009/12/24/Treasury-pledges-aid-to-Fannie-and-Freddie/UPI-60961261715196/


Information Technology


37. December 28, Softpedia – (International) Microsoft confirms 0-Day IIS security vulnerability. Microsoft has confirmed officially a zero-day security vulnerability affecting Internet Information Services (IIS). The security hole was initially reported just ahead of Christmas on December 23rd, and the Redmond company provided the first response at the end of the past week. So far, the issue in question affects version 6 of IIS on a fully patched Windows Server 2003 R2 SP2; however, additional IIS releases might also be impacted. A Microsoft security program manager notes that Microsoft is aware of the problem and that investigation into the matter has already been kicked off. At the same time, the program manager assured customers running IIS that it hasn’t detected any active attacks in the wild targeting the new 0-day flaw. The vulnerability identified in Microsoft Internet Information Services (IIS) involves the incorrect manner in which the server deals with files with multiple extensions. As long as the multiple extensions are divided by the “;” character, the IIS server handles them as ASP files. A possible attacks scenario could be based on an exploit constructed out of malformed executables. Any malicious files uploaded to a vulnerable web server would circumvent any file extension protections and restrictions in place. Source: http://news.softpedia.com/news/Microsoft-Confirms-0-Day-IIS-Security-Vulnerability-130650.shtml


38. December 23, V3.co.uk – (International) SEO poisoners exploiting Windows Live Spaces. Security experts are warning that hackers are now using Microsoft’s Live Spaces blogging platform in order to push up the popularity of fraudulent online pharmaceutical sites in a strategy known as search engine poisoning. In a posting on the Threat Center Live blog, security firm eSoft explained that cyber criminals are making use of Windows Live Spaces as well as Yahoo and Google Blogger platforms – registering accounts and then using those accounts to link to the fraudulent sites, thus pushing up the search engine ranking of those sites. “Additionally, the spam emails now link to these fake blogs rather than directly to the pharma-fraud site in an effort to better evade spam filters that might otherwise detect the link to the fraudulent website,” the posting noted. “Whatever the distribution method, it’s clear these cybercriminals will stop at nothing and continue to evolve new ways of advertising their bogus sites.” Search engine poisoning or blackhat SEO is becoming an increasingly popular method for cyber criminals to boost click throughs onto their fake and malicious sites and increase infection rates. Source: http://www.v3.co.uk/v3/news/2255427/seo-poisoners-exploiting


Communications Sector

39. December 27, WSAZ 3 Huntington – (West Virginia) Customers without phone service continue to stay on hold. Being in the dark and disconnected is the harsh reality many families are coping with after a severe winter storm moved through the region. While power crews continue to work hard, so are phone companies like Verizon. Officials say right now they have about 37 hundred repair reports in West Virginia. Now some concerned customers are worried that the lack of a dial tone could lead to more problems. “If there was someone who tried to break into our home while the electricity was off, if something like that were to happen, we can’t get help without phone service,” a Turkey Creek resident said. A Verizon spokesman says when electricity goes out, other companies have to wait until the power company restores things before they can go in and make repairs themselves. Source: http://www.wsaz.com/news/headlines/80184577.html