Department of Homeland Security Daily Open Source Infrastructure Report

Friday, October 3, 2008

Complete DHS Daily Report for October 3, 2008

Daily Report

Headlines

The San Mateo County Times reports that San Mateo, Hillsborough, and the county-run Crystal Springs sanitation districts in California must collectively pay more than $1.7 million in fines to a regional enforcement agency for discharging raw sewage into streets, creeks, and the San Francisco Bay in violation of the Clean Water Act. (See item 24)

24. October 1, San Mateo County Times – (California) San Mateo, Hillsborough and Crystal Springs fined $1.7 million for discharging sewage. San Mateo, Hillsborough and the county-run Crystal Springs sanitation districts must collectively pay more than $1.7 million in fines to a regional enforcement agency for discharging raw sewage into streets, creeks and the San Francisco Bay in violation of the Clean Water Act. The San Francisco Regional Water Quality Control Board announced the fines on Tuesday, which penalize each sanitation district for several years’ worth of large sewage backups between Dec. 1, 2004 and July 14, 2008. In addition to the fines, the staff of the Regional Water Board is asking board members to approve a collective “cease-and-desist order” that would impose long-term requirements on each sanitation district to do better monitoring of pipeline leaks and come up with lasting solutions. One major, complicating factor is San Mateo’s wastewater treatment plant, which officials say can’t handle all the water it gets from leaky sewer pipes in major storms. The pipes back up as a result. San Mateo is already under orders to upgrade capacity at its wastewater plant by 2013, although the city has no design yet or a proposal for how the city would pay for it. The Regional Water Board has already fined San Mateo $66,000 for illegal discharges at its wastewater treatment plant since 2000, according to records obtained by the Times. Source: http://www.mercurynews.com/breakingnews/ci_10613857

According to the Army Times, beginning October 1 for 12 months, the 3rd Infantry Division’s 1st Brigade Combat Team will be under the day-to-day control of U.S. Army North, the Army service component of Northern Command, as an on-call federal response force for natural or manmade emergencies and disasters, including terrorist attacks. (See item 32)

32. September 30, Army Times – (National) Brigade homeland tours start Oct. 1. The 3rd Infantry Division’s 1st Brigade Combat Team (BCT) has spent 35 of the last 60 months in Iraq patrolling in full battle rattle, helping restore essential services and escorting supply convoys. Now they are training for the same mission at home. Beginning October 1 for 12 months, the 1st BCT will be under the day-to-day control of U.S. Army North, the Army service component of Northern Command, as an on-call federal response force for natural or manmade emergencies and disasters, including terrorist attacks. This new mission marks the first time an active unit has been given a dedicated assignment to NorthCom, a joint command established in 2002 to provide command and control for federal homeland defense efforts and coordinate defense support of civil authorities. After 1st BCT finishes its dwell-time mission, expectations are that another, as yet unnamed, active-duty brigade will take over and that the mission will be a permanent one. Source: http://www.armytimes.com/news/2008/09/army_homeland_090708w/


Details

Banking and Finance Sector


10. October 2, Reuters – (National) SEC extends short sale ban to give Congress time. U.S. securities regulators on Wednesday extended an emergency ban on short selling in more than 950 financial stocks to give Congress time to finish legislation to rescue the financial system. The Securities and Exchange Commission (SEC) said the ban would expire three business days after a $700 billion federal bailout bill was enacted, but would not last beyond October 17. The SEC rules, issued on September 19, include one that requires big money managers to publicly disclose their short positions. That temporary order will expire on October 17, but the SEC said it intends to make that rule permanent. The SEC also said it extended a curb on abusive short selling rules, including one that makes it fraudulent for short sellers to deceive broker-dealers about their intention or ability to deliver securities in time for settlement. Equity and option market makers will continue to be exempt from the short sale ban on financial stocks, in order to ensure liquidity in the markets. Source: http://www.reuters.com/article/ousiv/idUSTRE49107K20081002?pageNumber=2&virtualBrandChannel=0


11. October 2, Redmond Magazine – (National) Payment card security toughens with DSS 1.2 release. The Payment Card Industry Council on Wednesday released an updated version of its PCI data security standard, which is designed to help protect transmitted charge and debit card information. The standard calls for enterprises to build and maintain secure networks, protect stored cardholder data, and encrypt its transmission. In addition, PCI DSS 1.2 spells out a comprehensive vulnerability management program. Steps under the program include access control testing, system monitoring, and the implementation of documented enterprise-wide security policies. Experts say that a beefed-up security and monitoring program can be folded into audit programs to meet both PCI compliance requirements and Sarbanes-Oxley Section 404 guidelines for general computer controls and application security. Source: http://redmondmag.com/news/article.asp?EditorialsID=10260


12. October 1, New York Times – (National) Senate passes bailout plan; House may vote by Friday. The Senate strongly endorsed the $700 billion economic bailout plan on Wednesday, leaving backers optimistic that the House will accept it by Friday and end the legislative uncertainty that has rocked the markets. The Senate margin was 74 to 25 in favor of the White House initiative to buy troubled securities in an effort to avoid an economic catastrophe. Besides additional tax breaks for individuals and businesses, senators also included a temporary increase in the amount of bank deposits covered by the Federal Deposit Insurance Corporation, to $250,000 from $100,000. After receiving the proposal from the Treasury Secretary almost two weeks ago, Congress instituted a series of changes, including additional oversight, steps to limit home foreclosures, and restrictions on the compensation of executives of institutions that take part in the Treasury program. Under pressure to tighten the plan even more, Congressional and administration negotiators decided to parcel out the $700 billion in installments, starting with a first tranche of $350 billion. They added a final requirement that in five years the president must present Congress with a plan to make up any losses of tax funds by looking to the financial community to make up the difference. Source: http://www.nytimes.com/2008/10/02/business/02bailout.html?pagewanted=1&_r=2&hp&adxnnlx=1222952764-kvEVIex0kl%20SLTFtlDodgQ


Information Technology


33. October 2, VNU Net – (International) Malware masquerades as YouTube video. Security experts are warning users of a new malware attack posing as a pornographic YouTube video. Researchers at McAfee said that the newly-discovered attack attempts to lure the user to a malicious site by way of a YouTube page promising an adult movie. YouTube’s terms of service prohibit the posting of obscene content, and the company removes videos it deems inappropriate. But the attack does not actually post the videos on YouTube. Instead, the attackers have constructed a fake YouTube user account. Forum spam messages are then used to link to the profile pages, which in turn offer ‘video’ links hosted on an external site. Believing the page to be hosting a legitimate YouTube video, the user follows the link, which attempts to perform a number of browser exploits as well as a fake codec attack in which the user is told that an ‘additional file’ is needed to display the video. Source: http://www.vnunet.com/vnunet/news/2227350/malware-hides-behind-promise


34. October 1, Register – (International) DoS attack reveals (yet another) crack in net’s core. Security experts say they have discovered a flaw in a core internet protocol that can be exploited to disrupt just about any device with a broadband connection, a finding that could have profound consequences for millions of people who depend on websites, mail servers, and network infrastructure. The bug in the transmission control protocol affords attackers numerous new ways to carry out denials of service on equipment at the heart of data centers and other sensitive points on the Internet. The new class of attack is especially severe because it can be carried out using very little bandwidth and has the ability to paralyze a server or router even after the flood of malicious data has stopped. Source: http://www.theregister.co.uk/2008/10/01/fundamental_net_vuln/


Communications Sector


35. October 2, TMCnet – (National) Hughes Network Systems intros satellite backup service for SMBs. Hughes Network Systems announced the availability of its broadband backup service plans for small and medium-sized businesses. These services provide automatic satellite backup in the event of a landline failure. Hughes developed the backup services to overcome network outages and disasters and provide business continuity to its users. The backup plans are available in two different versions, depending on the type of primary landline service, Internet access, or private network the user has. Source: http://satellite.tmcnet.com/topics/satellite/articles/41594-hughes-network-systems-intros-satellite-backup-service-smbs.htm


36. October 2, IDG News Service – (National) Skype messages being monitored in China, group says. Tom-Skype, a joint venture in China between eBay’s Skype unit and Tom Online, has been known to operate a text filter on text chats, but a new report says that the data is stored insecurely and the text messages and records containing personal data can be easily accessed. Tom-Skype regularly scans text chat messages for politically sensitive keywords, and stores them insecurely, according to a study by researchers in Canada. If the keywords are present, the text messages and records containing personal information are stored on insecure publicly-accessible servers together with the encryption key required to decrypt the data, according to a joint report by the Citizen Lab at the University of Toronto, and the SecDev Group in Ottawa. Source: http://www.networkworld.com/news/2008/100208-skype-messages-being-monitored-in.html?page=1


37. October 1, United Press International – (Florida) Copper thieves allegedly posed as workers. Police in Florida say that a group of copper thieves posed as utility workers to go into manholes and steal cable from under city streets. Five men were arrested Monday night in Riviera Beach, the Palm Beach (Florida) Post reported. The suspects, all from Miami, were charged with attempted burglary and possession of stolen property. Investigators said that the men allegedly used a van painted with the logos “Utility Service Contractors of Florida” and “Utility Maintenance & Repair Services Inc.” and dressed in uniforms that looked like those worn by utility company employees. When they went to work at a manhole, they put orange cones around the site. The group allegedly made off with at least $1 million worth of copper cable in Riviera Beach and West Palm Beach. Source: http://www.upi.com/Top_News/2008/10/01/Copper_thieves_allegedly_posed_as_workers/UPI-39041222891669/