Thursday, September 20, 2012 

Daily Report

Top Stories

 • Entergy Corp said that damage from Hurricane Isaac would cost its utilities in several States between $400 million and $500 million and would reduce power sales in the third quarter. – Reuters

4. September 18, Reuters – (National) Entergy estimates Hurricane Isaac damage at $500 million. Entergy Corp said September 18 that damage from Hurricane Isaac would cost its utilities between $400 million and $500 million and would reduce power sales in the third quarter. Entergy, which supplies electricity to 2.8 million customers in Arkansas, Louisiana, Mississippi, and Texas, said Hurricane Isaac left more than 787,000 customers without power and damaged its power delivery infrastructure. Isaac, which struck the Louisiana coast with 80 mph winds August 28, ranks as the fourth worst storm in Entergy’s history in terms of power outages. Distribution systems of the utilities had extensive damage, Entergy said. Preliminary estimates showed that Isaac had damaged or destroyed 4,500 poles and 2,000 transformers. The storm also knocked 95 transmission lines out of service along with 144 substations. No damage has been identified at Entergy’s fossil or nuclear power plants, but detailed assessments are continuing, the company said. Entergy Louisiana’s repair cost from Isaac is estimated at $240 million to $300 million, followed by Entergy Gulf States Louisiana at $70 million to $90 million; Entergy New Orleans at $50 million to $60 million; Entergy Mississippi at $30 million to $40 million, and Entergy Arkansas at $10 million, according to a company statement. Source:

 • A Washington State banker who helped generate nearly $1 billion in mortgage loans during the housing bubble pleaded guilty to submitting false loan applications and to submitting false statements to banks to obtain loans. – Tacoma News Tribune. See item 16 below in the Banking and Finance Sector.

 • A structural failure at the busiest lock on the Mississippi River in Illinois held up more than 280 barges, and will cost the U.S. economy about $2.4 million each day until it is repaired. – KWMU 90.7 FM St. Louis

23. September 18, KWMU 90.7 FM St. Louis – (Illinois) Emergency repair at Lock 27 has barge traffic at a standstill. A structural failure at Lock 27, which is located near Granite City, Illinois, caused major shipping problems September 18 on the Mississippi River. There were more than 280 barges at a standstill holding the equivalent of 16,000 semi-trucks worth of cargo. A barrier called a protection cell that is used to keep barges from bumping into the lock itself ruptured, spilling rocks into the waterway and blocking shipping lanes. A U.S. Army Corps of Engineers spokesman said it could take 24 hours or more for the problem to be fixed. Lock 27 is the busiest on the Mississippi River, and the spokesman said it costs the larger economy around $2.4 million each day it is closed. A Coast Guard spokesman said a narrow shipping lane brought on by the drought is an added concern. He said there was no imminent threat to public safety, but said they are especially worried about the cargo on some barges. Source:

 • Fire damage will sideline a wastewater treatment plant in La Paz County, Arizona, for 3 months with trucks taking sewage elsewhere for treatment. –

31. September 19, – (Arizona) Sewage plant to be offline for 3 months. The Buckskin Sanitary District in the Parker Strip section of La Paz County, Arizona, must transport sewage for treatment elsewhere because its wastewater treatment plant was heavily damaged by fire, reported September 19. The September 13 fire destroyed the plant inside, said the district manager. “It’s offline.” He said fire insurance will cover repairs that will take 90-120 days to complete. Sewage flowing into the plant was being pumped into 2 trucks making up to 20 trips a day to transport the material about 5 miles for treatment at the Joint Venture facility. Buckskin District customers were asked to conserve to minimize the cost of the temporary pump and transport operation. A HAZMAT crew from the Lake Havasu City Fire Department assisted the Buckskin Fire Department because of the presence of containers of chlorine used in sewage treatment. “The HAZMAT team members entered the building and determined the chlorine gas cylinders were still leaking,” said a Lake Havasu City Fire Department news release. One Lake Havasu City firefighter was injured when he was overcome by fumes and was transported to a hospital where he stayed overnight for observation. Source:

 • Many U.S. schools are not prepared for bioterrorism attacks, outbreaks of emerging infectious diseases or pandemics, a study found. – Saint Louis University

36. September 17, Saint Louis University – (National) Majority of US schools not ready for next pandemic, SLU researchers say. Many U.S. schools are not prepared for bioterrorism attacks, outbreaks of emerging infectious diseases or pandemics, despite the recent 2009 H1N1 influenza pandemic that resulted in more than 18,000 deaths worldwide, Saint Louis University researchers say. The study surveyed about 2,000 nurses working in elementary, middle, and high schools across 26 States. The findings reveal that only 48 percent of schools address pandemic preparedness and only 40 percent of schools have updated their plans since the 2009 H1N1 pandemic that spread illnesses in more than 214 countries. Published in the American Journal of Infection Control, the study also found that 44 percent of schools do not participate in community surveillance that tracks the presence of a disease based upon symptoms reported by area residents. These efforts are coordinated through local public health departments that assess indicators of biological threats. In order to have a regular and strong pandemic preparedness program, the study’s lead researcher suggests that school nurses should be involved in building and assessing the plan. Source:


Banking and Finance Sector

13. September 19, U.S. Securities and Exchange Commission – (Georgia; National) SEC charges Atlanta-based adviser with operating Ponzi-like scheme involving private investment funds. The Securities and Exchange Commission (SEC) September 19 announced charges against a private fund manager and his Atlanta-based investment advisory firm for defrauding investors in a purported “fund-of-funds” and then trying to hide trading losses by creating new private funds to make money to pay back the original fund investors in Ponzi-like fashion. The SEC is seeking an emergency court order to freeze the assets of the manager and Summit Wealth Management Inc. and prevent further investor losses, which are estimated to be $17 million among approximately 200 clients. The manager told investors his fund was investing their money in other funds and investment products with minimal exposure to risks, while he actually invested the money in stocks. Those stocks led to losses that he tried to cover up by creating new funds and transferring money from new to old funds to cover up his losses. The hedge funds were Private Credit Opportunities Fund LLC and Asset Diversification Fund LP. Source:

14. September 18, Help Net Security – (International) Bogus ‘Refund Pending’ emails targeting PayPal customers. Fake PayPal notifications about a bogus refund are hitting inboxes around the world, trying to trick users into following the offered link and supposedly log into their accounts to receive it. The link will take users to a page that looks like PayPal’s log-in page, but is actually a fake one mimicking PayPal’s, and all the information submitted gets forwarded directly to the phishers behind the scheme. They will then likely use it to hijack the victim’s PayPal and gain entrance to other online accounts. Source:

15. September 18, WLNE 6 New Bedford – (Rhode Island; Massachusetts) ‘Bearded Bandit’ hits Pawtucket Credit Union in East Providence. The Pawtucket Credit Union in East Providence, Rhode Island, was robbed September 18, and police said the robber matched the description of the “Bearded Bandit”. The bandit is wanted for eight other robberies in Rhode Island and Massachusetts. Police said the man told a teller that he had a weapon, but did not display it. When the teller gave him money, the bandit left the bank on foot with an indeterminate amount of cash. Source:

16. September 18, Tacoma News Tribune – (Washington; National) Ex-Pierce Commercial Bank VP pleads guilty to loan-fraud charges. A Puyallup, Washington banker whose prodigious generation of home loan applications made him one of the nation’s top mortgage loan originators during the housing bubble pleaded guilty September 18 to two federal charges of conspiracy to submit false loan applications and submitting false statements to a financial institution to obtain a loan. The ultimate failure of dozens of those loans led to the demise of Tacoma’s Pierce Commercial Bank under a mountain of millions of dollars in defaulted debt. The former senior vice president at Pierce Commercial Bank admitted he had fabricated employment, financial, and housing records to ensure loans would be funded. According to court documents, the man and his associates, operating semi-autonomously from Pierce Commercial Bank as PC Home Loans, generated nearly $1 billion in home loan applications for the bank over several years. Two of his associates already pleaded guilty to lesser charges, and the third was scheduled for a change-of-plea hearing. The four were indicted in August 2011 after a lengthy investigation by the FBI, the Internal Revenue Service, the Department of Housing and Urban Development, and the U.S. Postal Service. Source:

17. September 18, U.S. Federal Bureau of Investigation – (California) Top managers of ‘Direct Money Source’ arrested in major foreclosure prevention scheme targeting homeowners in distress. The top two managers at a Westwood, California-based mortgage brokerage were arrested on federal charges relating to a foreclosure avoidance and equity-skimming scheme that targeted distressed homeowners, said a statement from the FBI September 18. According to an indictment, the scheme led several mortgage lenders to disburse more than $15 million in loan proceeds — with nearly half of that being lost to the fraud conspiracy. Federal authorities arrested the principal owner and the second-in-charge at Direct Money Source (DMS), a mortgage brokerage that allegedly operated as an equity-skimming operation that took possession of distressed homeowners’ equity under false pretenses and also defrauded mortgage lenders. A third defendant who worked at DMS surrendered. The fourth defendant named in the indictment is a fugitive being sought by authorities. A federal grand jury indictment charged all four defendants with conspiracy, wire fraud, loan fraud, and aggravated identity theft. The principal owner and second-in-charge were additionally charged with money laundering. Source:

18. September 18, Bloomberg News – (International) SEC claims Australia man ran $53 million forex investment fraud. U.S. regulators accused an Australia man of raising at least $53 million from investors with false claims that he ran a group of elite foreign-exchange traders who could generate 78 percent annual returns, Bloomberg News reported September 18. The man and his Brisbane, Australia-based firm, Investment Intelligence Corp., promised investors “unlimited” passive income from his strategy of making only a few select trades each month with no more than 3 percent of an investor’s capital at risk in any given trade, the Securities and Exchange Commission (SEC) said in a lawsuit. The Commodity Futures Trading Commission filed a parallel lawsuit. The man’s fraud came to light in May, when investors discovered their accounts had lost 63 percent of their value after about 200 trades had occurred in a 2-day period, the SEC said. Following the losses, the man issued a white paper to investors, encouraging them to add more capital to their accounts to “recoup the losses faster,” according to the complaint. Source:

19. September 18, – (Connecticut; National; International) 7 held, 2 hunted in $165,000 lottery scam targeting elderly. Seven people were arrested and warrants were issued for two others in a lottery scam based in Fairfield County, Connecticut, that targeted elderly people across the United States and caused losses in excess of $165,000, reported September 18. Those involved were charged with money laundering, racketeering, larceny, and conspiracy. Police in Stamford so far identified 31 victims from across the United States, mostly between 80 and 90 years old. Police said the ring contacted victims by telephone or letter, telling them that they had won a prize. Before collecting any supposed winnings, the victims were told that they would have to pay taxes or fees and send money through Western Union or U.S. Postal Service money orders. The money was then transferred to Costa Rica. Source:

20. September 18, Reuters – (International) Bank of America website slows; Prophet film threat made. Bank of America Corp’s online banking Web site suffered intermittent problems September 18 amid threats on the Internet that a group was planning to launch cyber attacks on the bank and other U.S. targets to protest a film that stirred unrest in the Middle East. Someone claiming to represent “cyber fighters of Izz ad-din Al qassam” said it would attack the Bank of America and the New York Stock Exchange in a statement posted on Bank of America said its Web site was available but some customers might experience occasional slowness. The New York Stock Exchange declined to comment. Bank of America customers reached by Reuters in New York, Georgia, Ohio, and Michigan said they could not access the Web site. Source:

For another story, see item 44 below in the Communications Sector

Information Technology Sector

39. September 19, Softpedia – (International) Victims of phishing attacks unaware their websites are compromised, APWG finds. A study by the Anti-Phishing Working Group (APWG) reveals many Web site owners whose domains have been compromised by phishers are unaware that they are victims of a cybercriminal operation. In order to ensure their phishing campaigns do not get interrupted by security solutions providers, cybercriminals often take over legitimate hosts on which they plant their malicious Web pages. The results of the study show attackers are still mostly targeting environments that rely on Linux, Apache, MySQL, and PHP. The biggest concern is that in 80 percent of the cases, the site’s owners are unaware they are part of a criminal operation until a third party notifies them. In 40 percent of cases, phishing pages are removed from sites within 24 hours after they were planted. Close to 60 percent of the respondents claimed to have taken down the malicious Web sites within 2-3 days. Most individuals who experienced such incidents do not know much about how they became victims. Source:

40. September 19, The Register – (International) New vicious UEFI bootkit vuln found for Windows 8. Security researchers discovered security shortcomings in Windows 8 that create a means to infect the upcoming operating system with rootkit-style malware. Italian security consultants ITSEC discovered the security hole following an analysis of the Unified Extensible Firmware Interface (UEFI), a successor to the legacy BIOS firmware interface, that Microsoft began fully supporting with 64-bit versions of Windows 7. ITSEC analyzed the UEFI platform now that Microsoft ported old BIOS and MBR’s boot loader to the new UEFI technology in Windows 8. A senior security researcher at ITSEC used the research to create what is seen as the first UEFI bootkit targeting Windows 8. The proof-of-concept malware is able to defeat Windows 8’s Kernel Patch Protection and Driver Signature Enforcement policy. The UEFI boot loader developed by the researcher overwrites the legitimate Windows 8 UEFI bootloader, bypassing security defenses in the process. Source:

41. September 18, Ars Technica – (International) Microsoft pledges temporary fix for critical IE bug under attack. Microsoft plans to release a temporary fix for a critical Internet Explorer (IE) vulnerability that attackers are exploiting to install malicious software when unsuspecting end users visit booby-trapped Web sites. Microsoft’s announcement September 18 that it will make a temporary patch available, known as a Fixit, in the next few days came as a security researcher spotted three more Web sites that exploited the vulnerability. Source:

42. September 18, Threatpost – (International) Grum botnet attempts another comeback, fails again. The Grum botnet, which Dutch authorities and security researchers took offline earlier during the summer, made a second, unsuccessful attempt at a comeback the weekend of September 15 when the bot herders stood up two new command-and-control (C&C) servers in Turkey. The revival was short-lived however, and both C&Cs were taken offline. After spending months, or in some cases, years, building up their networks of infected machines and carefully choosing C&C server locations, bot herders are reluctant to let go of their creations even in the face of serious attention from law enforcement. Source:

For more stories, see items 14 and 20 above in the Banking and Finance Sector and 44 and 45 below in the Communications Sector

Communications Sector

43. September 18, San Antonio Express-News – (Texas) KLRN is off the air for some. An estimated 30 percent of local public television viewers in San Antonio have not been able to watch KLRN 9 San Antonio for several days because of a weather-related outage, San Antonio Express-News reported September 18. Engineers have been working around the clock to restore the signal, which originally was knocked out by storm damage to microwave equipment atop the station’s broadcast tower. A temporary fix could be in place the week of September 17, said the KLRN 9 San Antonio vice president of communications. She does not expect a permanent solution until September 24 at the earliest because the parts needed likely would not arrive until then. Source:

44. September 18, SecurityNewsDaily – (National) Hacked touch tones crash phone networks, steal data. According to one security researcher, interactive voice response systems (IVRs) — the ones people use to check and store voicemail and the ones people interact with when they call the bank — are so insecure that they could be tricked into spitting out sensitive information or taken down completely with just a single phone call. “No banks or organizations are testing IVRs because they think the systems are secure, but in reality, they are not. No firewall or CAPTCHAs monitor voice traffic,” said a spokesman who works for security company iSight Partners. He explained that when a system’s audio processing algorithms are fed strange DTMF (dual-tone multi-frequency) signals, it can cause the entire system to behave strangely or crash calls. Source:

45. September 18, Reuters – (National) T-Mobile USA, RIM resolve issue that hurt some BlackBerry users. Research In Motion Ltd said September 18 a service disruption that affected Internet browsing for some BlackBerry users on T-Mobile USA’s network had been resolved. T-Mobile September 18 said some of its BlackBerry smartphone users were unable to use the device for emails or Internet browsing. The partial service disruption was limited to customers of the BlackBerry 9900 and did not affect phone call services and text messaging, according to T-Mobile USA, a unit of Deutsche Telekom. Source:

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:

Contact Information

Content and Suggestions: Send mail to or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at or visit their Web page at v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.