Department of Homeland Security Daily Open Source Infrastructure Report

Monday, September 8, 2008

Complete DHS Daily Report for September 8, 2008

Daily Report


 According to Reuters, the U.S. Navy secretary said on Wednesday he was concerned about maintaining a stable workforce at Gulf Coast shipyards after the recent evacuation caused by Hurricane Gustav. (See item 9)

9. September 3, Reuters – (Louisiana; Mississippi) U.S. Navy concerned about Gulf Coast post-hurricane workforce. The U.S. Navy secretary said on Wednesday he was concerned about maintaining a stable workforce at Gulf Coast shipyards after the recent evacuation caused by Hurricane Gustav. He said preliminary reports showed minimal, if any, damage to the yards, but he was worried about maintaining continuity in the workforce, which took a big hit after Hurricane Katrina in 2005. Northrop Grumman Corp, which operates shipyards in Pascagoula and Gulfport, Mississippi, and New Orleans and Tallulah, Louisiana, said it is still assessing the impact of the latest hurricane on its employees and facilities. The company had shut down operations in preparation for the storm but will resume full operations by Monday, said a spokeswoman. Source:

 The Los Angeles Times reports that airport officials and federal authorities have tightened security at Los Angeles International Airport because of the recent arrest of an elevator mechanic suspected of smuggling illegal immigrants into the U.S. (See item 12)

12. September 5, Los Angeles Times – (California) LAX tightens security measures after alleged smuggling. Airport officials and federal authorities said Thursday that they have tightened security at Los Angeles International Airport because of the recent arrest of an elevator mechanic suspected of smuggling illegal immigrants into the U.S. Officials for LAX and U.S. Customs and Border Protection said the measures included security adjustments at the federal inspection area inside the Tom Bradley International Terminal. Authorities declined to describe the changes to protect airport security. According to court records, the airport employee allegedly used his airport security clearances and a key to terminal elevators to help illegal immigrants skirt customs and immigration checks after arriving aboard Mexicana Airlines flights. A Customs and Border Protection spokesman said the man received security clearances from LAX and the federal government and passed background checks that included his employment history and whether he had a criminal record. State officials have described LAX as the top potential target for terrorists in California. Source:,0,3755262.story


Banking and Finance Sector

10. September 4, Associated Press – (Oregon, Wisconsin) E-mail scam from Spain aimed at Oregon consumers. According to police, an e-mail survey sent to Grants Pass, Oregon, area residents that offered $90 to answer questions for a bank turned out to be a scam run electronically from Valencia, Spain. The e-mail used a phony Home Valley Bank logo and asked for personal information the real bank says it would never request by phone or e-mail. And the scam hijacked a phone number for a health care organization in Wisconsin as its fake contact number, forcing the organization to waste time answering a number of angry phone calls before the scam was discovered. Home Valley Bank has blocked any transactions involved with the scam.


11. September 4, Reuters – (National) Wall Street, funds urge SEC to keep ratings in rules. Securities regulators disagree with America’s most powerful mutual funds and Wall Street players over plans to scrap requirements that money market funds hold investment-grade securities. For years, the Securities and Exchange Commission allowed fund firms to buy only highly rated municipal bonds for money market funds but now the SEC is considering changing that rule in an effort to curb investors’ reliance on credit ratings. Ironically, players like the Vanguard Group, one of the biggest in the $12.3 trillion mutual fund industry, want less freedom instead of more, arguing the SEC-mandated ratings offer would-be investors a sense of comfort. The SEC’s plan would remove an important investor protection and weaken investment standards, and could pose a risk to the stability of the $3.5 trillion money market fund industry, the Vanguard Chief Executive said in a letter filed with the agency. The Securities Industry and Financial Market Association, a Wall Street lobbying group, said the ratings give investors faith in the funds and create standards for assessing credit risks. A chairman of the board of trustees that oversees mutual fund firm Evergreen Investments, a mutual fund and asset management unit of Wachovia Corp said eliminating the rating requirement would place an inappropriate burden on trustees of money market funds. Other proposals include finding alternatives to establish net capital requirements for investment banks the SEC supervises. But one of the more controversial is the plan to eliminate part of its rule that requires money market funds to hold securities with ratings in one of the top two investment grades from a major rating agency. The SEC’s comment period for the proposals closes on Friday and the agency’s chairman has signaled that the new rules are a priority. Source:

Information Technology

28. September 4, Government Technology – (National) Companies continue to overlook evolved virus attacks. A recent security advisory from a messaging security company warned that service providers are placing e-mail users at risk by continuing to ignore sophisticated virus propagation techniques. Attackers are moving beyond traditional tactics, such as sending messages with virus executables attached or virus-infected documents, to employing hybrid attacks that combine elements of both spam and viruses. In these attacks, malware authors embed links in informative or advertising e-mails. Recipients are enticed to follow these links to a Website that hosts the malware, which could be a virus, worm, or Trojan. These advanced threats embed anti-spam and anti-virus (AV) evasion techniques with the objective of eluding both spam and traditional AV filters. Most spam filters are not capable of catching these highly mutable threats because they do not follow the recurrent, mass e-mail tactics commonly found in spam. Likewise, conventional AV solutions bypass these messages as they appear to be spam or phishing. As these attacks become the norm, operators are urged to re-examine their anti-virus strategies and ensure that their messaging security processes are capable of detecting these hybrid threats. Source:

29. September 4, Computer World – (National) Upcoming Microsoft patch lineup could be ‘massive,’ says researcher. Microsoft Corp. today Thursday it will ship four security updates next week, only a third as many as it did last month, to fix critical vulnerabilities in Windows, Office, Windows Media Player, and other parts of its software portfolio. The director of security operations at nCircle Network Security Inc said, however, that “it’s not going to be an easy month with all these different applications and different operating systems affected. Patching will be a lot more involved than you’d think with just four bulletins.” He called the patching job “potentially massive.” In the advance notification Microsoft published Thursday, it tagged all four of the expected updates as “critical” -- its highest threat rating. As customary, Microsoft limited the information to naming the affected software and providing only generalities about the bugs. However, all four will patch one or more “remote execution” vulnerabilities, flaws that allow attackers to gain control of a system by introducing malicious code, often by convincing users to open a file attachment or tricking them into visiting a rogue Web site. Source:

30. September 3, IDG News Service – (National) Spammers use free Web services to shield harmful links. Spammers are abusing free Web services to make their spam links look more legitimate, according to e-mail security vendor MessageLabs Ltd. One of the services, a photo hosting site called ImageShack, lets people upload different types of photo formats, including Flash files, said a senior analyst at MessageLabs. Flash files, which have the extension “.swf,” can be used for animated graphics and to automatically redirect people to other Web sites — a feature that can be abused. The attack involving ImageShack works like this: Spammers upload a Flash file and then copy the link for that file, which comes from ImageShack’s domain, into a spam message. If the link is followed, the Flash file redirects the victim to a spam site, he said. The technique offers an advantage for spammers. Antispam software will often scan links in e-mail and block any e-mails with suspicious-looking links. But ImageShack’s domain is considered to have a good reputation, so messages will not be blocked. Another, more dangerous variation on this theme is a spam e-mail promoting a video. If the link is clicked, a Flash file redirects the victim to a site where a pop-up window immediately implores the user to download a codec supposedly needed in order to play the video file. Invariably, the file is not a codec but rather some piece of malicious software. Source:

Communications Sector

31. September 4, TMCNet – (Southeast) US Carrier: We’ll protect fiber optic network from Hurricane Hanna. USCarrier Telecom, LLC., a company that provides high-speed fiber optic transport services in the Southeastern region, reportedly says it is prepared to combat the Hurricane Hanna along the Atlantic coast, primarily focusing Savannah, Georgia. Technicians have been spread across the multi-state area to manage its fiber optic network in four states stretched over 3,400 miles. USCarrier received approval to join the Wireless Priority Service, a group that provides priority wireless services to vital private sector personnel and infrastructure providers in the event of any emergency. All the field technicians and staff of network operation center have been informed by USCarrier to stay in a 24-hour alert mode through this weekend, when Hurricane Hanna is being expected to arrive. The company will also send ancillary personnel who will physically drive the network so that areas with problems might be identified. Apart from this, as a part of preparations to combat the potential destruction of Hanna, the back-up generators of the company have been tested, POP doors have been sealed and sand bagged, all the terminals have been backed-up, emergency equipment parts have been ordered for, and the cable contractors have been asked to prepare for quick deployment if some emergency arises. Source:

32. September 4, InformationWeek – (New York) ‘Nation’s largest wi-fi network’ launched by Cablevision. Cablevision Systems on Thursday debuted what it calls the “nation’s largest and most advanced consumer Wi-Fi network” across a wide swathe of New York’s Long Island. The service covers high-traffic community zones in Nassau County and in some areas of Suffolk County, as well as on commuter rail platforms and parking lots across Long Island. The Wi-Fi service is available without additional charge to Cablevision’s Optimum broadband customers. The Long Island deployment is the vanguard of Cablevision’s $310 million project to provide Wi-Fi service to its 2.4 million Internet customers in its New York-New Jersey-Connecticut tri-state service area. Source:

33. September 4, WAOI 4 San Antonio – (Texas) Scam targets Time Warner cable customers. Hundreds of people have already been affected by a new phishing scam that tries to get personal information over the internet and is targeting cable-TV customers. It comes in the form of an email that appears to be from Time Warner Cable. Time Warner has received more than 200 or emails related to the phishing scam. A spokesperson for Time Warner told News 4 the company would never send out an email asking for personal information or bank/credit card account information. Source: