Department of Homeland Security Daily Open Source Infrastructure Report

Friday, August 29, 2008

Complete DHS Daily Report for August 29, 2008

Daily Report


 According to Communications News, business travelers are losing more than 12,000 laptops per week at U.S. airports; only one-third of those are reclaimed. A study by the Ponemon Institute said that workforce mobility is putting companies at risk of having a data breach if a laptop containing sensitive information is lost or stolen. (See item 11)

See details below in Banking and Finance Sector.

 The Associated Press reports that New Orleans drew up evacuation plans as forecasters warned that Gustav could strengthen and slam into the Gulf Coast as a major hurricane. Since Katrina, the U.S. Army Corps of Engineers has spent billions of dollars to improve the levee system, but because of two quiet hurricane seasons, the flood walls have never been tested. (See item 38)

38. August 28, Associated Press – (Louisiana) Officials may evacuate New Orleans as Gustav nears. With forecasters warning that Gustav could strengthen and slam into the Gulf Coast as a major hurricane, a New Orleans still recovering from Hurricane Katrina’s devastating hit drew up evacuation plans. Since Katrina, the U.S. Army Corps of Engineers has spent billions of dollars to improve the levee system, but because of two quiet hurricane seasons, the flood walls have never been tested. Floodgates have been installed on drainage canals to stop any storm surge from entering the city, and levees have been raised and in many places strengthened with concrete. The regional levee director said the levee system can handle a storm with the likelihood of occurring every 30 years, what the Corps calls a 30-year storm. By comparison, Katrina was a 396-year storm. Scientists cautioned that the storm’s track and intensity were difficult to predict several days in advance. But in New Orleans, there was little else to do except prepare as if it were Katrina. Source:


Banking and Finance Sector

10. August 28, Agence France-Presse – (International) Taiwan cracks major hacking ring, data on president stolen. Police in Taiwan have arrested six people suspected of stealing personal data from state firms, including information about the island’s current and former presidents, officials said Wednesday. An official at Taiwan’s Criminal Investigation Bureau said the hackers had tapped into data held by government agencies, state-run firms, telecom companies and a television shopping network. He called it the biggest hacking operation of its kind in Taiwan. The suspects are believed to have stolen more than 50 million records of personal data, including information about Taiwan’s president, his predecessor, and the police chief, the official said. They then offered to sell the information for 300 Taiwan dollars (10 US) per entry, he said. The hackers, based in Taiwan and China, also swindled victims out of millions of Taiwan dollars through their online bank accounts, he said. Source:

11. August 28, Communications News – (National) The case of the 12,000 lost laptops. Business travelers are losing more than 12,000 laptops per week at U.S. airports. Only one-third of those are reclaimed, according to a study by the Ponemon Institute, sponsored by Dell. At the same time, more than 53 percent of polled business travelers say their laptops contain confidential or sensitive information, and 65 percent of these travelers admit they do not take steps to protect or secure the information contained on their laptop. Companies are dependent on a mobile workforce with access to information no matter where they travel. This mobility, however, is putting companies at risk of having a data breach if a laptop containing sensitive information is lost or stolen. To gather more information about this concern, the Ponemon Institute conducted field research at 106 major airports in 46 states and surveyed 864 business travelers in an airport environment. The airports with the highest number of lost, missing or stolen laptops include: Los Angeles International, Miami International, Kennedy International and Chicago O’Hare. While Adanta’s Hartsfield- Jackson International is the busiest airport in the United States, it is tied for eighth place (with Washington’s Reagan National) for lost, stolen or missing laptop computers. According to the study, the types of company information contained on business travelers’ laptop computers include customer or consumer data (47 percent), business confidential information (46 percent), intellectual property such as software code, drawings or renderings (14 percent), and employee records (13 percent). The average business cost when confidential personal information is lost or stolen is $197 per record, says the Ponemon Institute. Even one missing laptop, however, can become a serious problem for any organization. Source:

Information Technology

32. August 28, DB Techno – (National) Computer virus hits ISS, should NASA worry? It was confirmed yesterday by National Aeronautics and Space Administration (NASA) that they discovered a computer virus that has the ability to steal passwords on a laptop that is aboard the International Space Station (ISS). The virus was first discovered by Symantec back on August 27, 2008, with the virus being called W32.Gammima.AG. It impacts systems running Windows 2000, 95, 98, Me, NT, XP, and Windows Server 2003. At this point though, it does not seem that there is much of a threat to NASA directly from the virus. The report states that the virus is very easy to contain and remove, and can cause minimal damage. Source:

33. August 28, PC Advisor – (National) Hackers resort to ‘sick’ kidnap spam. Hackers are claiming they have kidnapped children in a bid to infect PCs with a Trojan Horse virus, said security firm Sophos. The security firm is warning users that emails entitled ‘We have hijacked your baby’ are being sent to Web users around the globe. As well as asking for a US$50,000 ransom for the ‘release’ of the child, the messages also contain an attachment supposed to be a photograph of the child. Instead the file actually contains a deadly Trojan Horse that will steal personal information. Source:;1663778139

34. August 27, ComputerWorld – (National) Terror threat system crippled by technical flaws, says Congress. A U.S. House subcommittee is charging that a $500 million IT project intended to “connect the dots” on terrorists and help prevent another 9/11 is a failure; it can’t even handle basic Boolean search terms, such as “and,” “or” and “not.” Allegations of waste and mismanagement were outlined in a staff memo and letter from the Subcommittee on Investigations and Oversight, which is part of the Committee on Science and Technology. The material was released last week in what is a usually a quiet month for Congress during its August recess. The bulk of the subcommittee’s charges come from a memo prepared by subcommittee staff about a data integration project called Railhead, which is intended to help intelligence and law enforcement agencies uncover terrorist plots. Railhead, due to be ready by year’s end, was supposed to combine and upgrade existing databases called Terrorist Identities Datamart Environment and improve terrorism-fighting capabilities. But the project is in such bad shape -- suffering from delays and cost overruns – that Subcommittee Chairman said: “There may be current efforts under way to close down Railhead completely.” Source:

Communications Sector

35. August 27, ComputerWorld – (National) Apple forgets to fix iPhone passcode bug. An iPhone bug that Apple Inc. patched last January to stop unauthorized users from bypassing the password-protected locking feature has resurfaced in newer versions of the phone’s software. The bug also affects the iPod touch. First reported yesterday by a user identified as “greenmymac” on the MacRumors forum, the flaw lets anyone sidestep passcode locking by simply tapping “Emergency Call” on the password-entry screen, then double-tapping the Home button. That leads to the iPhone’s Favorites, a list of frequently-called contacts, and their contact information, including phone numbers and addresses. If any of the contacts have e-mail or Web addresses associated with them, the trick also allows access to the iPhone’s e-mail application and Safari browser, respectively. Source:

36. August 27, Providence Business News – (Rhode Island) Verizon launches FiOS in Glocester, Smithfield. Verizon Communications Inc. Wednesday began offering its FiOS fiber-optic television service in Glocester and Smithfield, Rhode Island. Verizon’s local spokesman told Providence Business News the company expects to have the fiber-optic network built out to reach 85 percent of Rhode Island customers by the end of the year. The Rhode Island Public Utilities Commission has granted Verizon approval to offer FiOS service in 29 of the state’s 39 communities; the most recent approval was for state Cable Service Area 1, which includes Glocester and Smithfield. The television and Internet service is now available in 16 cities and towns across the Ocean State, the spokesman said, and the company expects it will be offered in four more municipalities by the end of the year: Cumberland, Lincoln, Central Falls, and Pawtucket. The other nine communities for which the company already has approval should gain access to the actual FiOS service in 2009, he said. Source:

37. August 27, Media Daily News – (National) FCC may still require HD access to satellite radios. Reviving an issue that earlier appeared to be settled, the Federal Communications Commission (FCC) may still require the merged Sirius-XM satellite radio broadcaster to include hardware that makes their radios compatible with HD terrestrial radio broadcasts. In a Notice of Inquiry, the FCC is inviting comment from the public and companies that may be affected, including manufacturers of satellite radios. The news comes just a few weeks after the FCC voted along party lines to allow the satellite radio merger to proceed. To get approval, Sirius and XM had to agree to a number of conditions, including leasing eight percent of the satellite spectrum to minority and public broadcasters and a three-year price cap on subscriptions. The 3-to-2 FCC vote made no mention of the HD radio requirement, which had been discussed but not included in the list of conditions presented to the satellite radio broadcasters. Source: