Department of Homeland Security Daily Open Source Infrastructure Report

Friday, June 5, 2009


Daily Report

Top Stories

 According to the Houston Chronicle, the FBI, the FAA, and the Liberty County, Texas Sheriff’s Department met Tuesday to compare notes on an unidentified flying object reported on May 29 by an ExpressJet Airlines pilot shortly after takeoff from Bush Intercontinental Airport. (See item 14)

14. June 3, Houston Chronicle – (Texas) FAA looks into what pilot saw over Liberty. The Federal Bureau of Investigation (FBI), the Federal Aviation Administration and the Liberty County Sheriff’s Department met June 2 to compare notes on an unidentified flying object reported late last week by an ExpressJet Airlines pilot. The pilot reported a “missile or rocket” flying near his airplane May 29 at 8:09 p.m., shortly after takeoff from Bush Intercontinental Airport, according to sheriff’s officials. “The FAA then contacted the Liberty County department dispatcher and said their pilot reported an object flying straight at his aircraft and passed 100 feet under it,” said the chief deputy for the Liberty County Sheriff’s Department. An FBI spokeswoman said the agency was aware of the sighting. “We haven’t found anything yet — either something on the ground where it launched or on the ground where it came down,” said a Liberty County Sheriff’s corporal. The Continental Express jet was on a commercial flight to Greenville, South Carolina. Source:

 Minnesota Public Radio and the Associated Press report that Minnesota’s OSHA has opened an investigation into an ammonia leak that was discovered Tuesday at the JBS Swift pork plant in Worthington. More than 50 workers were hospitalized after an overhead pipe carrying the refrigerant broke. (See item 20)

20. June 3, Minnesota Public Radio and Associated Press – (Minnesota) OSHA to investigate Worthington ammonia leak. Minnesota’s Occupational Safety and Health Administration (OSHA) has opened an investigation into an ammonia leak that was discovered Tuesday at the JBS Swift pork plant in Worthington. More than 50 workers were hospitalized after an overhead pipe carrying the refrigerant broke. JBS officials were not sure what caused the break. OSHA inspectors will interview employees who were working at the time, as well as review the company’s safety and health procedures and the training that was offered to employees, according to the OSHA communications director. There were no serious injuries, and most of the workers have been released following checkups. The OSHA communications director said it is still unclear if the leak involved a faulty valve. Source:


Banking and Finance Sector

8. June 4, Bloomberg – (National) FDIC offers financing for failed bank assets; delays loan sale. The Federal Deposit Insurance Corp., unable to get U.S. banks to sell toxic loans in a government program, plans to sell hard-to-price assets seized from failed lenders using guaranteed debt financing. A test auction of illiquid bank assets, planned this month, was delayed after lenders raised capital without needing to sell bad loans, the agency said. The FDIC will instead use debt guarantees as an incentive for buyers of assets when lenders are in receivership, the agency said. “If the FDIC can sell bad assets of failed banks, they will be a winner and it gives opportunities for the private sector as well,” said a partner specializing in financial services at law firm Jones Day in Atlanta. The U.S. President’s administration unveiled the two-part Public-Private Investment Program on March 23 as a centerpiece of its effort to shore up the financial system by removing illiquid assets. It would be funded by $75 billion to $100 billion from the Treasury’s Troubled Asset Relief Program. Since the program was announced, U.S. banks have raised capital through stock sales and by converting preferred shares, and as of June 3 the total reached almost $100 billion, according to data compiled by Bloomberg. Source:

9. June 3, Fremont Tribune – (Nebraska) Police warn of possible phone scam. Fremont Police are warning residents to be alert for a possible phone scam. A police lieutenant said the department received more than 20 calls on June 2 in reference to recorded phone calls that claimed to be from several different banks. The message informed those who answered that their credit card may have been compromised and they were asked to enter their credit card number. “It appears this is a scam and we suggest that no one enter their credit card information,” the lieutenant said. The lieutenant also encouraged anyone who has questions about the calls to contact their local bank. Source:

10. June 3, – (National) FDIC extends $250,000 deposit insurance. Consumers who want to safeguard their money in these turbulent times will benefit from the four-year extension of $250,000 FDIC deposit insurance per depositor on individual accounts. The insurance limit was slated to roll back to $100,000 January 1, 2010, but Congress has extended the deadline through December 31, 2013. As things stand now, the standard insurance coverage will revert to $100,000 per depositor January 1, 2014. “No doubt some investors had been nervously eyeing the December 31 sunset of that $250,000 threshold,” said a senior financial analyst at “If they were renewing CDs, any maturities of seven months, nine months, a year, pretty common maturities, anything beyond that December 31 time frame had to have enough wiggle room so that interest earnings did not put the investors over the lower $100,000 insurance cap that would have been reinstated.” The original increase from $100,000 to $250,000 was announced in October 2008 as consumers were losing faith in the financial markets and the banking system. Congress wanted to assure consumers that their funds were safe in the nation’s FDIC-insured banks and NCUA-insured credit unions. Source:

11. June 2, SC Magazine – (National) Bank of America certificate scam propagating Waledac, Virut. A new spam campaign disguised as a Bank of America email telling users they need to update their digital certificate is attempting to lure users into installing the Waledac worm. The messages, which first started being detected recently, seemingly come from Bank of America, and tell users, “The digital certificate for your Bank of America direct online account has expired. You need to update the certificate using Bank of America direct digital certificate updating procedure.” Recipients are then instructed to click on a link and follow the given instructions, the lead threat analyst at web and email security firm Marshal8e6 told in an email on June 1. The spam originates from the Pushdo botnet, which has been active in similar malicious phishing attacks, the analyst said. After following the link, the user is encouraged to fill in a web form, and to download a new “digital certificate” to continue, the analyst said. The “certificate” however, is an executable file which seeks to download malware to the victim’s PC. The SANS Internet Storm center said in a post on June 1 that a quick analysis of this malware showed “probable signs” of Waledac, the notorious worm capable of harvesting and forwarding password information and receiving commands from a remote server. A threat researcher for Panda Security confirmed to on June 2 that the threat is being detected as Waledac. Source:

Information Technology

36. June 4, Tech Crunch – (International) Phishing scam targets YouTube partners. Some YouTube partners are being hit with e-mails seemingly coming from Google/YouTube teams attempting to trick them into replying with their login credentials and other personal information. One partner contacted Tech Crunch with screenshots of the phishing messages, the first received at the end of May and the second on June 3rd, coming from and delivered to different accounts. While the first e-mail was quite amateurish in nature and came filled with things that should raise warning flags (typos, clumsy phrasing, Youtube instead of YouTube, etc.), the second appeared more genuine and had a body text edited rather professionally. In both cases, the YouTube partner was told that there was some kind of problem with his or her account, either with videos that purportedly contained copyrighted material, hate speech/bullying, or other issues that violate the service’s ToS. The first e-mail urged partners to respond with their username, password, e-mail address and D.O.B, while the second asked only for the password. It is unclear whether this phishing scam was aimed at our tipster specifically or if this is a more widespread problem, but in any case YouTube has been alerted by the user and a Tech Crunch staff member, although neither has yet received a response. Source:

37. June 3, Congress Daily – (National) Obama Administration begins work on cybersecurity R&D. Maximizing government investment in federal cybersecurity research and development is a major component of the U.S. President’s plan to bolster defenses against high-tech attacks. If the White House’s new cyber strategy and key agencies’ fiscal 2010 budget requests are any indication, they are off to a solid start. In the near term, the White House’s unnamed cyber czar will be charged with developing a framework for R&D strategies that focus on “game-changing technologies” and provide the research community access to event data to help develop tools and testing theories, according to the May 29 report, which stemmed from a 60-day review. That czar will eventually develop threat scenarios and metrics for risk management decisions, recovery planning and R&D prioritization. “Research on new approaches to achieving security and resiliency in information and communications infrastructures is insufficient,” the report stated. “The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements.” The President proposed a $37.2 million cyber R&D budget for DHS in fiscal 2010 to support operations in its national cybersecurity division as well as projects within the CNCI. DHS is using much of its fiscal 2009 allotment to deploy Einstein, a system to analyze civilian agencies’ systems for cyber threats and intrusions. Source:

For a related story, see item 11 in the Banking and Finance Sector, above.

Communications Sector

38. June 3, Oceana Herald Journal – (Michigan) Cut cable disrupts phone service for 6 hours. A cut fiber-optic cable in the Shelby area May 29 interrupted land-based and cellular telephone service in Oceana and Mason counties for approximately 6 hours. Verizon crews located the cut line at approximately 2 p.m., but were unable to provide an exact location. It was a Verizon contractor that cut the line. Most service was restored by 4 p.m., but some AT&T customers and Carr Telephone customers in Mason County did not have their service restored until slightly later. The interruption affected Verizon telephone, Verizon Wireless and Nextel phone services. Alltel cell phone service was sporadic. The outage also affected some internet access and prompted some banks to close. The severed fiber-optic cable mainly affected Oceana County, the Mason-Oceana Central dispatch director said. Mason County still had phone service, he said, but could not contact central dispatch.


39. June 2, Unstrung – (National) Test results raise femto service concerns. Policy management techniques used by broadband service providers are a serious threat to the quality of services, particularly voice, delivered over femtocell connections. The issue, which came to light during recent service tests, is a major concern, as the use of policy control technologies could potentially cause major service quality problems for mobile operators when they rely on broadband connections from other operators to backhaul femtocell traffic. When third-party providers are used for that portion of the network, mobile operators do not have complete control over how their traffic is treated. And, as a result, the quality of femto services, especially voice, could suffer. Broadband test specialist Epitiro recently evaluated femtocell voice and data service quality over the top ten broadband networks in an unidentified country, which cannot be named for confidentiality reasons. Epitiro found that even the lowest-end consumer broadband service had enough bandwidth capacity to support a femtocell service, so capacity was deemed not to be an issue. But in four out of the ten cases, the test results showed poor voice service quality. A closer inspection into the degraded voice services revealed that packet loss was the culprit for the quality problems, according to the chief technology officer at Epitiro. In his analysis, he concludes the reason for the packet loss in those four cases was the policy management used to control IPsec traffic: That has a direct impact on femto traffic, which is encrypted in IPsec tunnels. Epitiro’s test results show that in a worst-case scenario, users would lose service during peak periods. Source:

40. June 2, Capital Times – (Wisconsin) Charter customers back on line. Thousands of local Charter Communications customers could not watch TV and had a difficult time communicating for about eight hours on June 1, after a main fiber optic cable was damaged on the south side. The outage lasted from about 11 a.m. to 7 p.m., affecting cable TV, Internet, and phone customers in Madison, Oregon, Brooklyn, Baraboo, Portage and Dodgeville. A construction company truck damaged the cable when the cable was knocked off a pole in Fitchburg. Source:
