Thursday, May 31, 2012

Complete DHS Daily Report for May 31, 2012

Daily Report

Top Stories

• Softball-size hailstones and high winds swept across Oklahoma, May 28-29 forcing about 100,000 people to lose power, downing numerous power lines, and closing many roads. – Oklahoma City Oklahoman

1. May 30, Oklahoma City Oklahoman – (Oklahoma) Severe storms graze swath across Oklahoma over two days. Softball-size hailstones and high winds left evidence of severe storms that swept across Oklahoma May 28-29, with property damage stretching from Lawton to Grove and at least three people reporting injuries. Nearly 100,000 people lost power in the Oklahoma City metro area. Downed power lines caused traffic snags, and high water trapped some people in vehicles. An Oklahoma City Police lieutenant and the Oklahoma City Fire Department deputy chief confirmed downed power lines and reports of hail damage and broken windows, especially in northern and northwest Oklahoma City. The deputy chief also reported “21 power line incidents.” Downed power lines also caused traffic problems at intersections. Source:

• Government filings revealed the San Onofre nuclear power plant in San Diego County operated for decades with equipment that might have temporarily severed the plant’s emergency power supply in the event of an earthquake. – Associated Press

11. May 30, Associated Press – (California) Filings reveal more trouble at San Onofre power plant. The San Onofre nuclear power plant in San Diego County, California, operated for decades with equipment that might have temporarily severed the plant’s emergency power supply in the event of an earthquake, government filings revealed May 29. The company disabled the equipment — a vibration sensor — and reported the power issue to federal regulators as “an unanalyzed condition that significantly degraded plant safety.” Edison said other back-up systems were in place during that time. At issue is a vibration sensor in use since 1981 on emergency diesel generators. Engineers found the sensor — designed to protect components inside the generators during operation — might incorrectly stop them during an earthquake. Source:

• Owners of two Caribbean timeshares bilked 1,200 investors out of $163 million in a 5-year Ponzi scheme, the U.S. Securities and Exchange Commission said. – Courthouse News Service See item 16 below in the Banking and Finance Sector

• South Carolina emergency officials announced big changes in hurricane storm coverage that includes much larger evacuation zones and earlier evacuation orders in the Myrtle Beach area. – Myrtle Beach Sun News

47. May 30, Myrtle Beach Sun News – (South Carolina) Study brings big change to Myrtle Beach-area hurricane evacuation plans. May 30, South Carolina emergency officials rolled out a substantial change in hurricane storm coverage that includes much larger evacuation zones and earlier evacuation orders in the Myrtle Beach-area. Using the latest technology, officials with the Federal Emergency Management Agency and the U.S. Army Corps of Engineers looked at all the issues that would result with a hurricane making impact in the State, the behavior of residents during a storm, the topography of the area and storm surge impacts, and how long it would take to evacuate residents and tourists. Officials will call for evacuations based on a formula that calculates the strength of the storm, the predicted storm surge, and where it could make landfall. Due to population increases, a new zoning system was also established. Since Hurricane Hugo in 1989, Horry County’s population has gone from 144,000 in 1990 to 269,300 according to the 2010 census. Carolina Forest shot up 506 percent between 2000 and 2010. Where once the Intracoastal Waterway served as a line of demarcation between coastal danger and inland safety, new storm surge models showed that areas of Horry and Georgetown counties that had never been under a mandatory evacuation order could be impacted by rising waters and should be evacuated. To ensure residents are aware of what zone they live in and what actions they need to take before a storm threatens, officials are planning several community events. Also under the new system, the governor will no longer issue voluntary evacuation orders; only a mandatory evacuation order will be issued by the governor. Source:

• Six people were shot in Seattle May 30. Two were killed and three wounded at a cafe, and a third person was killed in a separate shooting minutes later, police said. – MSNBC

59. May 30, MSNBC – (Washington) Gun violence in Seattle leaves at least three dead, three wounded. At least three people were killed and three others wounded in two separate shootings minutes apart in Seattle, May 30, police said. Police confirmed that two male victims were dead in a shooting at a north Seattle cafe. Two more men and a woman were taken to the hospital. The shooting occurred at the Cafe Racer in a commercial district near the University of Washington campus. Roosevelt High School, four blocks from the incident, was on lockdown as police looked for a suspect. About a half hour later, some 5 miles to the south, a woman was shot several times during what police said was a carjacking at a parking lot next to town hall. Police found the car and a handgun miles away in a residential neighborhood. Suspects in both shootings were still at large as of late afternoon that day. Source:

• Heavy rains in the St. Paul and Minneapolis, Minnesota areas led the U.S. Army Corps of Engineers to close three locks and dams on the Mississippi River to recreational boaters for at least 1 week. – Minnesota Public Radio

62. May 29, Minnesota Public Radio – (Minnesota) Heavy rain closes Mississippi River locks. Heavy rains in the St. Paul and Minneapolis, Minnesota, areas led the U.S. Army Corps of Engineers to close three Minneapolis locks and dams on the Mississippi River to recreational boaters May 29. A spokeswoman said the locks and dams close when the water flow is greater than 30,000 cubic feet per second. The closures included Upper and Lower St. Anthony Falls locks and dams, and the Ford Dam. Closure will likely last for at least a week or longer if the rain continues. Source:


Banking and Finance Sector

13. May 30, Associated Press – (International) US levies new sanctions on key Syrian bank. The U.S. Department of the Treasury levied sanctions on a key Syrian bank as it seeks to ratchet up economic pressure on the Syrian president’s regime, the Associated Press reported May 30. Treasury said the Syria International Islamic Bank (SIIB) was acting as a front for other Syrian financial institutions seeking to circumvent sanctions. The new penalties prohibit the SIIB from engaging in financial transactions in the United States and freeze any assets under U.S. jurisdiction. The tightened sanctions come as the United States grapples for ways to quell deadly violence in Syria and spur a political transition. Treasury said it will also host a meeting in Washington, D.C., the week of June 4 of the Friends of Syria working group on sanctions. The meeting, co-chaired by the United States, Turkey, and Qatar, will focus on ways to strengthen sanctions against the Syrian president’s regime. Source:

14. May 30, Associated Press – (North Dakota) Former Dickinson bank officer to plead guilty to fraud today. A former trust officer at a Dickinson, North Dakota bank was scheduled to plead guilty to conspiracy to commit bank fraud May 30. The trust officer is accused of plotting with her husband to steal almost $750,000 from five clients at the Bank of the West. Federal court documents said most of the money was funneled to the officer’s sister and nephew. Court records said she also conspired to take over one client’s mineral interests in four western North Dakota counties. The officer is accused of stealing more than $130,000 from her. She has reached a plea agreement with prosecutors and is scheduled to plead guilty in federal court in Bismarck. Her husband has already pleaded guilty. Source:

15. May 30, Government Security News – (National; International) Romanian extradited in computer scheme that allegedly stole credit card info at U.S. cash registers. A Romanian man was extradited to the United States to face charges that he was part of a fraud ring that allegedly electronically accessed as many as 80,000 credit cards while they were being used at cash registers across the country, Government Security News reported May 30. The charges allege the man participated in a scheme to remotely steal payment card data from hundreds of U.S. merchants’ “point of sale” (POS) computer systems. An indictment handed down in December 2011 charged the man and three other Romanian nationals ran the computer fraud conspiracy. Federal authorities allege that between 2008 and May 2011, the men conspired to remotely hack into more than 200 U.S.-based POS systems at stores across the U.S. to steal credit, debit, and gift card numbers and associated data. Merchant victims included more than 150 Subway restaurant franchises, the U.S. Department of Justice said. According to the indictment, millions of dollars of unauthorized purchases have been made using the compromised data. Source:

16. May 29, Courthouse News Service – (National; International) Ponzis just kept on growing, SEC says. Owners of two Caribbean timeshares bilked 1,200 investors out of $163 million in a 5 year Ponzi scheme that netted them $58.9 million in commissions, the U.S. Securities and Exchange Commission (SEC) claimed in a May 24 complaint. Two men, through their company Net Worth Solutions, paid themselves “exorbitant undisclosed sales commissions” from sales of securities for two resorts in the Dominican Republic, the SEC claimed. Investors were told their returns were guaranteed, however “only a very small percentage of investor funds were actually used to renovate and construct the properties,” the SEC said. Instead, defendants skimmed undisclosed commissions and used new money to pay off earlier investors. One of the men founded “a series of multi-level marketing entities that sold investments in the second man’s resorts,” the complaint said. The first man and his father bought the Cofresi resort in the Dominican Republic in 2003. EMI Sun Village Inc., which owned the resort, then targeted investors in the western United States. The second man and his father bought Sun Village Juan Dolio in 2005. Construction at Juan Dolio was never completed, and it never opened to guests. Defendants bought about $72.6 million worth of investments in Cofresi and $91.2 million in Juan Dolio, the SEC said. Only $8 million was spent on the construction of Juan Dolio. In total, $21.1 million was paid in commissions for Cofreis and $37.8 million for Juan Dolio. Lenders foreclosed on both properties in 2009. Source:

17. May 29, Ventura County Star – (California) Four arrested in connection with credit card fraud. Simi Valley, California police announced May 29 the arrests of four suspects in connection with what investigators call a “Nigerian fraud ring” they said caused losses of more than $2 million through the fraudulent use of credit cards. Police said the 6-week investigation began in March when a woman bought several thousand dollars’ worth of gift cards at a Target store in Simi Valley. She used fraudulently obtained credit cards to buy the gift cards, police said. Similar transactions occurred elsewhere in southern California, police said. Police said they identified four suspects of Nigerian origin who lived in Los Angeles County and committed similar crimes there, as well as in Ventura, San Diego, Kern, Riverside, and San Bernardino counties. Police said they recovered stolen property during the arrests, as well as more than $100,000 in cash. Source:

For another story, see item 54 below in the Information Technology Sector

Information Technology

50. May 30, H Security – (International) Security problem in VMware vSphere 5. Security experts from ERNW demonstrated the ability to break out of the virtualization hypervisor of VMware ESXi 5.0 using crafted VMware images. If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service offering, a malicious user could access all data on the server, including other customers’ user passwords and virtual machines. The security experts were able to manipulate the virtual disk images in a way that caused host disks to be mounted in the guest system after launching the VM. Successful attacks were mounted in this way against fully patched copies of ESXi 5.0, but the researchers point out that, as far as they are aware, this has so far only happened under laboratory conditions. Source:

51. May 30, SecurityWeek – (International) Rapid 7 outlines the most popular Metasploit modules. Metasploit is a powerful and popular tool for penetration testers and security experts. However, it is also an excellent resource for hackers. Recently, Rapid 7 published a list of the most popular Metasploit modules, offering a look at the vulnerabilities that earned the most attention in April. The list was compiled by examining the Web server stats for the Metasploit Auxiliary and Exploit Database. Studies of the methods utilized in the wild show that attackers have a preference for the same tools that penetration testers and other security professionals use or sell to others, and Metasploit is no different. Source:

52. May 30, IDG News Service – (International) Nearly a fifth of U.S. PCs have no virus protection, McAfee finds. A McAfee study of PCs around the world found that 17 percent had no antivirus protection, and the United States outpaced the average with 19 percent of PCs unprotected. The study counted as unprotected machines those that had no antivirus protection installed, or whose antivirus subscription expired. In the United States, 12 percent of PCs did not contain an antivirus program, and 7 percent had expired software. McAfee analyzed data from voluntary scans of 27 million machines in 24 countries. According to the company, the study was the first to examine machines directly rather than polling their users. User polls typically found that 6 percent of PCs are not protected by antivirus software, McAfee’s director of global consumer product marketing said. Source:

53. May 30, H Security – (International) Google’s reCAPTCHA briefly cracked. Hackers developed a script that was able to crack Google’s Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) system with a success rate of better than 99 percent. They presented the results of their research at the LayerOne security conference in Los Angeles the weekend of May 26. However, just an hour before the presentation, Google made improvements to its reCAPTCHA system. Of the various CAPTCHA systems, Google’s reCAPTCHA is considered to be one of the most reliable for differentiating man from machine. Rather than trying to analyze distorted characters, the script, code-named “Stiltwalker,” analyzed the audio version of the CAPTCHAs, which Google provides for individuals who are visually impaired. Stiltwalker makes use of various techniques, including machine learning, but it also exploits the fact the computer voice has a very limited vocabulary. Source:

54. May 30, Government Computer News – (International) Administration unveils plan for battling botnets. The U.S. Government and a private-sector working group announced a cooperative initiative to combat malicious botnets, which are being called a growing threat to the online economy and national security. May 30, the Industry Botnet Group and DHS and the Commerce Department released a set of principles for addressing the challenge of botnets across the Internet ecosystem. In addition to this framework for collaboration, the Government also will step up public outreach efforts to educate users about online threats and will coordinate efforts to address the technical threats posed by botnets. May 30, the National Institute of Standards and Technology hosted a workshop on the technical aspects of botnet activity, aimed at disrupting the botnet life cycle and removing malicious code on compromised devices. Source:

55. May 29, Threatpost – (National) DHS to critical infrastructure owners: Hold on to data after cyber attack. The DHS is offering organizations that use industrial control systems advice on mitigating the effects of cyber attacks. Among the agency’s recommendations: Hold on to data from infected systems and prevent enemies from moving within your organization. DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published a technical paper on cyber intrusion mitigation strategies May 25. The document calls on critical infrastructure owners to take a number of steps to thwart attacks, or limit the damage they cause. Among them are improving their ability to collect and retain forensic data, and to detect attempts by attackers to move laterally within their organization. The document is guidance from ICS-CERT to critical infrastructure owners and is targeted at both enterprise and control system networks, DHS said. Source:

For another story, see item 15 above in the Banking and Finance Sector

Communications Sector

56. May 29, – (North Carolina) Antenna damage will temporarily limit WDAV-FM signal. Some listeners of Davidson, North Carolina-based WDAV 89.9 FM could lose their signal for up to a month while the classical music public radio station uses a backup antenna so it can repair damage on its main antenna, reported May 29. A recent tower inspection found a section of the antenna glowing orange from heat. The station’s general manager said May 29 engineers are not sure what is causing the heat. They will not know more until they dismantle the antenna. Repairs were expected to begin May 30. WDAV will switch to a backup antenna on a tower next to the main one. It operates at the same power — 100,000 watts — as WDAV’s main transmitter, but is much lower and the signal likely will not travel as far as normal, the manager said. The areas that are most likely to lose WDAV’s signal include south Charlotte, north of Statesville, and northeast toward Winston-Salem, he said. Since WDAV’s antenna is custom-designed to target its signal and avoid interference with other stations, engineers will ship damaged parts back to the manufacturer to be repaired or rebuilt. That means the station likely will operate on its backup antenna for about a month. Source:

Wednesday, May 30, 2012

Complete DHS Daily Report for May 30, 2012

Daily Report

Top Stories

• A business owner in Anderson, California, reported a trailer full of thousands of dollars worth of toxic chemicals was stolen May 26. – KRCR 7 Redding

3. May 28, KRCR 7 Redding – (California) Lethal chemicals stolen, owners offer reward. A business owner in the Happy Valley section of Anderson, California, reported a trailer full of thousands of dollars worth of toxic chemicals was stolen May 26. The man who has used the chemicals for more than 25 years to clean sewage systems said that if they get in the wrong hands they could be deadly. He said the chemicals contain Metam Sodium, which is strong enough to kill wildlife and melt tree roots. The trailer had more than $12,000 worth of chemicals inside, the owner said. It also contained other supplies and the thieves got away with more than $20,000 worth of tools and belongings, he added. The trailer is white and has a decal of a sun with trees and a flock of geese flying across it. The owner is offering a $500 reward for the recovery of the chemicals. Anyone with information should contact the California Highway Patrol. Source:

• A backdoor was “deliberately” inserted into a microchip used by the U.S. military, according to a draft report by security researchers. The backdoor can allow attackers to gain unauthorized access and reprogram the chip’s memory. – Nextgov

7. May 29, Nextgov – (National) UK researchers discover backdoor in American military chip. United Kingdom (U.K.)-based security researchers found a backdoor “deliberately” inserted into an American military chip to help attackers gain unauthorized access and reprogram its memory, according to a draft research paper. A researcher at Cambridge University discovered a military-grade silicon device made by California-based Microsemi Corp., the ProASIC3 A3P250, contained a glitch that would allow individuals to remotely tweak its functions. He collaborated with a researcher at U.K.-based Quo Vadis Labs, which researches sensor technology, and found “proof that the backdoor was deliberately inserted and even used as a part of the overall security scheme.” The duo did not disclose details, citing a “confidentiality agreement.” The backdoor is “close to impossible to fix on chips already deployed” because software patches cannot fix the bugs. The holes can only be removed by removing all such chips installed in systems, the duo said. Microsemi’s aggregate net sales to defense and security users represented about 29 percent of total net sales in 2012, according to its most recent quarterly regulatory filing. The device in question is “heavily marketed to the military and industry,” the draft report states. Source:

• Authorities in Pullman, Washington, were searching for an arsonist they said caused three fires in a week at Washington State University. – Associated Press

31. May 29, Associated Press – (Washington) 3rd arson reported at Washington State University. Residents in Pullman, Washington, were on edge after authorities said an arsonist was responsible for three fires in a week at Washington State University, the Associated Press reported May 29. The latest fire was reported just after midnight May 29 in a veterinary school building on campus, said a fire official. Someone apparently broke in through a window and set multiple fires in the building. A fire May 26 also burned a 2-story community building at the Chief Joseph apartment complex, and an arson the week of May 21 burned a community building at the Nez Perce apartment complex. Both are university housing. Source:

• A new, sophisticated malware threat predominantly used in cyberespionage attacks against targets in the Middle East was identified and analyzed by researchers from several security groups. – IDG News Service See item 39 below in the Information Technology Sector

• The U.S. Forest Service said a fire in New Mexico’s Gila National Forest grew to 152,000 acres — just 5,000 acres from breaking the State’s record. – Associated Press

48. May 29, Associated Press – (New Mexico) Gila blaze close to being largest in NM. The U.S. Forest Service said the erratic fire in Gila National Forest grew to about 152,000 acres by May 29 — just 5,000 acres from breaking the State’s record. It is about 15 miles east of Glenwood, New Mexico, a small town with a few hundred residents. The fire was sparked by lightning the week of May 14. More than 1,100 firefighters and 9 helicopters were fighting the fire. Source:


Banking and Finance Sector

8. May 29, U.S. Securities and Exchange Commission – (Florida) Miami hedge fund adviser charged for misleading investors about ‘Skin in the Game’ and related-party deals. The U.S. Securities and Exchange Commission (SEC) May 29 charged a Miami-based hedge fund adviser for deceiving investors about whether its executives had personally invested in a Latin America-focused hedge fund. The SEC’s investigation found that Quantek Asset Management LLC made various misrepresentations about fund managers having “skin in the game” along with investors in the $1 billion Quantek Opportunity Fund. In fact, Quantek’s executives never invested their own money in the fund. The SEC’s investigation also found Quantek misled investors about the investment process of the funds it managed as well as certain related-party transactions involving its lead executive and its former parent company Bulltick Capital Markets Holdings LP. Bulltick, the executive, and former Quantek operations director were charged along with Quantek in the SEC’s enforcement action. They agreed to pay more than $3.1 million in total disgorgement and penalties to settle the charges, and the executive and director agreed to securities industry bars. Source:

9. May 29, Reuters – (New York) Chinese man pleads guilty to NY Fed cyber theft. A Chinese computer programmer May 29 pleaded guilty to stealing software code from the Federal Reserve Bank of New York. The programmer was accused of illegally copying the software code to an external hard drive, according to a criminal complaint. Authorities said the software, owned by the U.S. Department of the Treasury, cost about $9.5 million to develop. The code, called the Government-wide Accounting and Reporting Program, was developed to help track the billions the U.S. government transfers daily. The program provides federal agencies with a statement of their account balance, the court documents said. The programmer was hired as a contract employee in May 2011 by an unnamed technology consulting company used by the Federal Reserve Bank of New York to work on its computers, court documents said. Source:,0,1335941.story

10. May 27, KABC 7 Los Angeles – (California) ‘Snowboarder Bandit’ arrested again on new charges. The so-called “Snowboarder Bandit” was taken into custody again and charged with more bank robberies in southern California, KABC 7 Los Angeles reported May 27. Deputies said the suspect was re-arrested on charges of robbing two Coachella Valley banks — one in Palm Desert and the other in Rancho Mirage. He had already been arrested in connection with bank robberies in Orange County. He was then freed on bail. Source:

11. May 25, U.S. Commodity Futures Trading Commission – (California; National) CFTC charges CTI Group, LLC and Cooper Trading with an $11 million fraud in the sale of automated trading systems. The U.S. Commodity Futures Trading Commission (CFTC) May 25 announced the filing of a federal court action against defendants CTI Group, LLC, Cooper Trading, and two individuals, charging them with fraudulent sales practices in connection with the sale of two automated trading systems, known as the Boomer and Victory Trading Systems. According to the CFTC complaint, since at least August 2009, CTI Group, LLC and Cooper Trading, by and through the two men and others, fraudulently solicited clients to subscribe to the systems, used by clients to trade E-mini Standard and Poor’s 500 Stock Index futures contracts in managed accounts. To carry out the fraud, CTI and one of the men allegedly engaged in a systematic pattern of material false statements and omissions in connection with the marketing of CTI’s Trading Systems. CTI sells subscriptions to its Trading Systems for $5,000 to $6,000 and has sold subscriptions to well over 1,000 clients, receiving at least $11 million, the complaint said. Source:

12. May 25, WCBS 2 New York – (New York; International) Customs agents seize more than $200,000 in counterfeit money at JFK. U.S. Customs and Border Protection officers at John F. Kennedy International Airport (JFK) in the Queens borough of New York City said they seized more than $200,000 in counterfeit $100s, WCBS 2 New York reported May 25. The bogus bucks were rounded up in two separate incidents. May 6, authorities said they found $68,000 in counterfeit $100 bills concealed in file folders and children’s books. The counterfeit cash was found at JFK’s International Mail facility, and were sent from Peru. May 8, officials said they stopped a woman who had arrived at JFK from Cali, Colombia. They discovered $141,200 of counterfeit money hidden in a false lining of her luggage and arrested her. Source:

Information Technology

38. May 29, Homeland Security News Wire – (International) Malware intelligence system allow organizations to share threat information. As malware threats expand into new domains and increasingly focus on industrial espionage, Georgia Tech researchers are launching a new tool to help battle the threats: a malware intelligence system that will help corporate and government security officials share information about the attacks they are fighting. A Georgia Tech news release reports the system, known as Titan, will be at the center of a security community which will help create safety in numbers as companies large and small add their threat data to a knowledge base that will be shared with all participants. Operated by security specialists at the Georgia Tech Research Institute, the system builds on a threat analysis foundation — including a malware repository that analyzes and classifies an average of 100,000 pieces of malicious code each day. Source:

39. May 28, IDG News Service – (International) Researchers identify Stuxnet-like malware called ‘Flame’. A new, highly sophisticated malware threat predominantly used in cyberespionage attacks against targets in the Middle East was identified and analyzed by researchers from several security companies and organizations. According to the Iranian Computer Emergency Response Team, the new piece of malware might be responsible for recent data loss incidents in Iran. Flame, as the Kaspersky researchers call it, is a very large attack toolkit with many individual modules. It can perform a variety of malicious actions, most of which are related to data theft and cyberespionage. Among other things, it can use a computer’s microphone to record conversations, take screenshots of particular applications when in use, record keystrokes, sniff network traffic, and communicate with nearby Bluetooth devices. One of the toolkit’s first versions was likely created in 2010 and its functionality was later extended by leveraging its modular architecture, said a chief malware expert at Kaspersky Lab. Flame spreads to other computers by copying itself to portable USB devices and also by exploiting a now-patched Microsoft Windows printer vulnerability that was also leveraged by Stuxnet. Source:

40. May 28, H Security – (International) Critical hole in Seagate BlackArmor NAS. Seagate’s BlackArmor NAS server is vulnerable to having its administrative password reset by anyone with access to it and a particular URL. The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media. The problem, documented by the U.S. Computer Emergency Readiness Team, involves an unauthenticated attack directly accessing an address where they will be given the opportunity to reset the device’s administrator password. There is no current solution to the problem. Source:

For more stories, see items 7 above in Top Stories and 9 above in the Banking and Finance Sector

Communications Sector

41. May 28, KXLH 9 Helena – (Montana) KXLH knocked off the air possibly until Tuesday. KXLH 9 Helena, Montana, learned May 28 that a May 27 winter storm did not just knock the KXLH signal off the air — it destroyed a transmitter. The facility is located near the Great Divide ski area northwest of Helena. A KXLH engineer got through the 2 feet of snow blocking access to the site May 28 and discovered that the large microwave dish was destroyed by ice. KXLH anticipated being back on the air sometime May 29. Source: