Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, December 10, 2008

Complete DHS Daily Report for December 10, 2008

Daily Report


 The Associated Press reports that federal agents were trying to track down who used various post offices in Dallas, Texas, to send seven governors letters containing a white powder that was later determined to not be dangerous, FBI officials said Tuesday. (See item 13)

13. December 9, Associated Press – (National) FBI probe of white powder letters focuses on Texas. Federal agents were trying to track down who used various post offices in Dallas, Texas, to send seven governors letters containing a white powder that was later determined to not be dangerous, FBI officials said Tuesday. It is possible more letters could arrive in the next few days, since it can take time for them to go through the mailing process, said an FBI special agent in Dallas. The governors’ offices in Alabama, Michigan, Minnesota, Mississippi, Missouri, Montana, and Rhode Island received the letters. Governors’ offices in all other states have been warned to be on the lookout for suspicious letters, said an FBI spokesman. Tests showed the powder was not dangerous, but officials are still trying to determine what it was. Source:

 According to Bloomberg, the crash of a U.S. F/A-18 fighter jet that killed at least three people in a San Diego neighborhood on Monday may have been caused by a power failure, a California congressman said. (See item 22)

22. December 9, Bloomberg – (California) U.S. fighter jet crash may have been caused by power failure. The crash of a U.S. F/A-18 fighter jet that killed at least three people in a northern San Diego neighborhood may have been caused by a power failure, a California congressman said Tuesday. The congressman said in an e-mail statement that Monday’s crash near Marine Corps Air Station Miramar was “likely unrelated” to structural problems with the F/A-18D planes that were identified in October. The fighter destroyed two homes and killed at least two adults and an infant when it plowed into the ground in the University City area of northern San Diego. The pilot ejected moments earlier and was in a stable condition, according to a statement issued by the base. The pilot, a member of the Marine Fighter Attack Training Squadron 101, was working toward his qualifications for takeoff and landing from an aircraft carrier at the time of the crash. He crashed while heading back to Miramar from the USS Abraham Lincoln, said a base spokeswoman. Source:


Banking and Finance Sector

7. December 9, Arkansas Democrat Gazette – (Arkansas) Former bank exec pleads guilty to fraud. The former senior vice president of lending at Twin City Bank in North Little Rock pleaded guilty Monday to money laundering and defrauding the bank of about $2.1 million, the U.S. attorney’s office said. Conway-based Home Banc-Shares Inc., which owns Twin City Bank, disclosed the fraud in July but did not identify the bank officer responsible. The defendant was in charge of maintaining customer relations with regard to deposits and addressing customer account problems. Because of his position, he had access to bank records and customer account records. The defendant was charged with diverting more than $1.2 million in bank funds between October 2000 and June 2008 from customer accounts to his account. He also redirected more than $172,000 from customer accounts to a third person for that person’s benefit and more than $705,000 from customer accounts so the funds could be recorded as fees paid to Twin City or interest paid by Twin City. Source:

8. December 8, – (National) Small banks want their bailout. So far, the Treasury Department has invested $161.5 billion in 52 companies as of last week. Another 93 banks have won approval for $48.4 billion in funds, according to analysts at Keefe, Bruyette and Woods. And thousands more are expected to apply for government funds by the time the deadline for private and thinly traded banks expires on Monday. As of last week, the Federal Deposit Insurance Corporation had already received approximately 1,200 applications from small community banks looking to enroll in the Troubled Asset Relief Program. That may come as a bit of a surprise given that many smaller banks have sidestepped the mortgage mess that has caused so many problems for large banks. But the slowing U.S. economy has prompted some banks to give the program a second look as they face the threat of rising loan losses in the coming year. The chief economist for the Independent Community Bankers of America said several smaller banks are applying for government funds even as board members and shareholders continue to weigh the merits and disadvantages of the program. Source:

9. December 8, Oregonian – (Oregon) Ex-loan officer gets federal prison sentence in mortgage scam. An admitted mortgage fraudster was sentenced to 63 months in federal prison Monday for engineering a number of bogus mortgage loans during the real estate boom. The man from Southeast Portland allegedly put together as many as 70 fraudulent loans from more than 30 financial institutions. He took an estimated $880,000 in kickbacks from deals inked from 2005 to 2007, according to court documents. He had formed his own company, MG Investments, and worked as a loan broker. He worked closely with several firms, most notably Lighthouse Financial of Vancouver. He would inflate the borrowers’ income and embellish their employment history in order to qualify them. He pleaded guilty in October to four counts of bank fraud, wire fraud, and money laundering. The U.S. district judge also ordered the man to pay $546,514.25 in restitution to Washington Mutual, which funded at least one of his mortgage deals. Source:

Information Technology

26. December 9, IDG News Service – (International) New Web attack exploits unpatched IE flaw. As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company’s Internet Explorer (IE) browser. The flaw was made public in Chinese language discussion forums two days ago by a security group called the Knownsec team. In tests, the flaw was used on IE 7 running on Windows XP, Service Pack 2. It has already been used by attackers who have hosted it on hacked Web sites to target unsuspecting visitors, said the CEO of security vendor Amromrize Technologies. Now that the bug has been publicly disclosed, he expects attacks based on the flaw to become much more widespread. The code exploits a bug in the way IE handles XML (Extensible Markup Language) and works on the browser about “one in three times,” the CEO said in an instant message interview. For the attack to work, a victim must first visit a Web site that serves the malicious JavaScript code that takes advantage of the flaw. Microsoft is expected to release six critical patches Tuesday, including a fix for IE. Source:

27. December 8, Computer World – (International) SonicWall users exposed by license server breach. A technical problem in a license management server at SonicWall Inc. created havoc last week for users of the company’s firewall and e-mail security products, leaving many companies temporarily unprotected against spam, phishing and malware threats. It wasn’t immediately clear how many customers were affected by the license server glitch, which began early December 2 and was not resolved until that afternoon. But numerous users posted angry messages on a support forum on SonicWall’s Web site. An IT security administrator who reported the problem to Computerworld said via e-mail that SonicWall’s license manager erroneously reset license keys for products, making the licenses appear to be invalid. A SonicWall spokeswoman confirmed that one system in the Sunnyvale, California-based company’s license server pool “malfunctioned.” That caused “some” license keys to be reset, requiring users to resynchronize them with SonicWall’s servers after the problem was fixed, she said. A senior technical support engineer at SonicWall said in a post on the support forum that a license server problem shouldn’t result in local product registration information being lost. But, he added, that did happen “for a number of units” in this case. Source:

28. December 8, – (International) RIM updates BlackBerry Desktop Software to fix ActiveX flaw. Research In Motion (RIM) has quietly released an update to its BlackBerry Desktop Manager, fixing an ActiveX vulnerability in the Roxio Media Manager that could be exploited by an attacker to cause a buffer overflow. RIM uses the media manager to synchronize BlackBerrys and PCs running Microsoft Windows. In its advisory to customers issued November 27, RIM said the flaw could be exploited if a user visits a malicious website that invokes the control. The company urged its customers to upgrade to the latest patch for the BlackBerry Desktop Software version 4.5, 4.6 or 4.7. The problem is in Macrovision’s FLEXnet Connect, a software package that allows vendors to provide updates to applications, according to a vulnerability note issued by the United States Computer Emergency Readiness Team (US-CERT). As a workaround, US-CERT said companies could disable ActiveX controls in the Internet Zone. RIM also issued recommendations on setting administrative roles in the BlackBerry Enterprise Server. Source:,289142,sid14_gci1341610,00.html#

Communications Sector

29. December 9, WTOP 103.5 Washington – (District of Columbia) Crowds could overwhelm cell towers. The record crowds expected for the inauguration could mean cell phone towers will be overwhelmed and broadband Internet service slowed down, business and government leaders warned Monday. If 4 million to 5 million people show up as expected, the region could be in for a “logistical nightmare,” the Greater Washington Board of Trade president said. Source:

30. December 8, Emerson Network Power – (National) Emerson survey shows need for better, more consistent data center monitoring. According to a survey conducted by the Aperture Research Institute within Emerson Network Power of more than 100 data center professionals, only 35 percent are using a single, dedicated monitoring system that provides the level of detail necessary for outage prevention and efficient incident management. Real-time infrastructure monitoring helps data centers predict faults, which enables them to prevent problems before they occur, to react quickly to incidents, and to effectively measure infrastructure utilization. The survey found that although 88 percent of the data center professionals surveyed monitor their infrastructure, less than 30 percent monitor more than 90 percent of their equipment, restricting their ability to respond to outages and carry out preventative maintenance. Also, 12 percent of those surveyed revealed that they do not monitor the infrastructure of their data centers at all, and these data centers are unlikely to be able to offer a high level of uptime as a result. Source:{EBDF7957-D3C0-46B5-9076-8CFD0B5B5EA8}