Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 16, 2008

A new feature introduced with this publication is that we will include a link to the complete report. Thanks for the suggestion from a daily reader. Should time permit in the future we will update the prior entries to include the appropriate link.

Complete DHS Daily Report for July 16, 2008

Daily Report

• Constellation Energy Group is looking for ways to tame plentiful but unpredictable electricity supplies from wind, a carbon-free resource that supporters say could supply 20 percent of the U.S. power needs by 2030. (See item 2)

• Attorneys for the Farm-to-Consumer Legal Defense Fund today filed suit in the U.S. District Court – District of Columbia to stop the United States Department of Agriculture and the Michigan Department of Agriculture from implementing the National Animal Identification System, a plan to electronically track every livestock animal in the country. (See item 20)

Banking and Finance Sector

7. July 14, WDEL 1150 AM – (National) IRS warns of “phishing” scams. The IRS is warning people to be on the lookout for phishing scams. One scam that has surfaced over the last couple of months involves an e-mail telling recipients they are eligible for an economic stimulus payment, but to receive it, they have to fill out a form online asking for bank account numbers and other information. Other scams involve e-mails saying recipients are eligible for tax refunds or that the U.S. Tax Court has a case against them, and there is even a scam where a fake tax form comes by fax, with requests for bank account numbers and copies of driver’s licenses and passports. Source:

8. July 14, Dothan Eagle – (Alabama) Scam targeting local bank customers exposed. A telephone scam that sought to obtain account information from customers of local banks has been exposed and stopped. A senior vice-president for Army Aviation Credit Union confirmed that a telephone scam had been targeting local bank customers of several institutions and that his bank had taken steps to shut down the fraudulent calls. The officials said bank officials obtained the number making the calls and tracked it back to an Internet company that sells phone numbers. Bank officials convinced the company to shut down the number. Source:

Information Technology

34. July 15, – (International) Kingsoft: Computer viruses increased rapidly in first half of 2008. According to a report released by Chinese software company Kingsoft, in the first half of 2008, the company intercepted 1.24 million new computer viruses and trojans. This number increased by 338% compared with the total number in 2007 and is more than the total number of viruses in the past five years. The report says that in the first half of 2008, the number of trojans maintained a rapid growth. Apart from the continuous emergence of new viruses, some old viruses also became active with the help of downloaded viruses. According to the statistics, six out of the top ten viruses are downloader viruses. Kingsoft says that these downloader viruses bring a large number of trojans and screen the security software before downloading the malicious files. Therefore, even some old trojans that can be killed by some anti-virus software will still be able to safely steal sensitive information from computer users. Source:

35. July 15, CanWest News Service – (International) Power outage wreaks havoc on Internet. On Monday morning a fire in Vancouver, Canada knocked out power to skyscrapers and buildings throughout the city’s downtown core and caused traffic nightmares in the city and Internet woes all over North America. A BC Hydro technician was lowered into the underground vault near a Hydro station where the fire began, but crews were not able to repair the damage. BC Hydro said late Monday about 2,200 customers were without power overnight in downtown Vancouver. Many affected by the outage were large employers. Adding to the power outage woes, Internet services for many companies were blacked out when one of seven backup generators at Harbour Centre, a major telecommunications and Internet hub in Vancouver, conked out. The vice-president and general manager of the Harbour Centre complex said two major tenants were affected. “Unfortunately, we’re a big network of customers and clients,” he said. “I think the repercussions were felt all over North America.” Source:

36. July 14, Editor and Publisher – (National) ‘Seattle Post-Intelligencer’ ads affected by computer virus. Parts of the Seattle Post-Intelligencer’s Web site were affected by a computer virus that apparently spread through online advertisements for NWAutos, the paper reported Sunday. The affected ads, which were marked by Google with the warning, “This site may harm your computer,” were removed from the Post-Intelligencer’s Web site Sunday morning. The virus was later removed and the ads returned to their places on the site. However, as of Monday morning, the NWAutos site said it was experiencing “technical difficulties.” The server that hosts the NWAutos ads, Gabriels Technology Solutions, was likely attacked by a virus; the bug that affected the NWAutos ads has been active since early July and has infected more than 50 sites. Gabriels also provides advertising to The New York Times and the San Francisco Chronicle. The Google warnings did not appear on the NWAutos ads on the Seattle Times Web site, possibly because it was not found in any of Google’s regular scans for viruses. The Post-Intelligencer report recommends that any users who accessed their Web site Sunday morning run anti-virus programs on their computer to remove any potential problems. Source:

37. July 14, IDG News Service – (National) New service tracks missing laptops for free. Researchers at the University of Washington and the University of California, San Diego, have found a way to give you a shot at getting your life back. On Monday, they launched a new laptop tracking service, called Adeona, that is free and private. Once downloaded onto a laptop, the software then starts anonymously sending encrypted notes about the computer’s whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, specifically a free storage service that has been around for several years, called OpenDHT. The Mac version of Adeona even uses a freeware program called isightcapture to take a snapshot of whoever is using the computer. Adeona doesn’t exactly give you the address and phone number of the person who’s stolen your laptop, but it does provide the IP address that it last used as well as data on what nearby routers it used to connect to the Internet. Armed with that information, law enforcement could track down the criminal, said an assistant professor at the University of Washington. “Once you actually recover information about your laptop ... you probably want to take this information to the police.” Because Adeona ships with an open-source license, anyone can take the code and improve it or even sell it. The researchers say they’re hoping that software developers will build all kinds of new features such as Global Positioning System-aware tracking systems for new platforms such as the iPhone. Later this month, the Adeona team will give a technical presentation at the Usenix Security Symposium in San Jose. Source:

38. July 14, Computerworld – (National) Unpatched Windows PCs fall to hackers in under 5 minutes, says ISC. It takes less than five minutes for hackers to find and compromise an unpatched Windows PC after it’s connected to the Internet, a security researcher at the SANS Institute’s Internet Storm Center (ISC) said Monday. She currently estimates the “survival” time of an Internet-connected computer running Windows at around four minutes if it is not equipped with the latest Microsoft Corp. security patches. The ISC maintains a record of the time between network probes for an average IP address, and assumes that hackers would follow a successful probe – which would disclose one or more open ports – with an exploit, most likely a worm. Another security researcher, however, said unpatched machines can last longer than just a few minutes before falling to attack. The German Honeypot Project, which sets vulnerable systems on the Internet to collect malware, estimates survival time in hours, not minutes. Source:

39. July 14, IDG News Service – (National) Researcher to demonstrate attack code for Intel chips. A security researcher plans to demonstrate how an attacker can target flaws in Intel’s microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running, in a presentation at the upcoming Hack In The Box (HITB) Security Conference in Kuala Lumpur, Malaysia, during October. The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. “I’m going to show real working code...and make it publicly available,” he said, adding that CPU bugs are a growing threat and malware is being written that targets these vulnerabilities. Different bugs will allow hackers to do different things on the attacked computers. “Some bugs just crash the system, some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections,” he said. The demonstrated attack will be made against fully patched computers running a range of operating systems, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux and BSD, he said. Processors contain hundreds of millions of transistors and errata in these chips are relatively common. While some errata can affect a chip’s ability to function properly – such as the errata that last year forced Advanced Micro Devices to push back volume shipments of its quad-core Opteron processors – many others exist unnoticed by users. Source:

Communications Sector

40. July 14, Associated Press – (Colorado; Minnesota) Qwest Communications, union in contract negotiations ahead of two political conventions. Qwest Communications and its largest employee union have started negotiations with the hope of agreeing on a new contract ahead of two political conventions that are counting on the company for telecommunications services. A contract covering about 21,000 workers is scheduled to expire August 16, a little more than a week before the Democratic National Convention in Denver. The Republican National Convention begins September 1 in St. Paul, Minnesota. Denver-based Qwest committed $6 million worth of cash and in-kind services to each convention to provide telephone, Internet and data services. Qwest is the primary telephone service provider in Colorado, Minnesota and 12 other states, mostly in the West. It also operates a nationwide fiber optic network. The company said it has plans in place to cover operations in its vast territory and the two conventions in the event of a strike. A Qwest spokesman said contingency plans are standard procedure during contract talks and noted that they have a good working relationship with the union. A Communications Workers of America spokesman said the union wants to get a deal before the contract ends, adding that the “key issues are wages, health care benefits and some scheduling concerns.” Representatives of both conventions declined specific comment on the negotiations other than to say preparations for telecommunications services are under way at both sites. Source:,0,2584050.story

41. July 14, KULR 8 Billings – (Montana) Phone lines cut. Residents in many areas around Billings were without essential phone service for much of the day Monday as construction crews cut a major fiber optic line. The breach cut 911 services to Bridger, Columbus, Fromberg, Joliet, Laurel, Park City, Roberts and Red Lodge. It also affected Internet and long distance services to many of those areas and parts of Billings. Officials with Qwest said an electrical company doing work in the area sliced the cable Monday morning at about 10:30. They said the cable was buried at least 36 inches under the ground and the area was marked to indicate that there was a cable there. Crews worked for most of the day to repair the fiber optic cable, and restored service to all Qwest customers by about 3:45 p.m. Emergency services for many areas were re-routed through the Billings Dispatch Center, but the manager of that center said people were not able to call out and they didn’t receive any phone calls from those areas. A spokesperson for Qwest said Sprint and AT&T lease space on Qwest cables. She said they have not been able to restore service to those customers yet. Source: