Department of Homeland Security Daily Open Source Infrastructure Report

Friday, January 9, 2009

Complete DHS Daily Report for January 9, 2009

Daily Report


 The Associated Press and KING 5 Seattle report that widespread avalanches, mudslides, and high water throughout Washington State closed 62 highways, including all passes in the Cascade Range. (See item 11)

11. January 8, Associated Press and KING 5 Seattle – (Washington) Washington residents flee as rivers swell. More than 30,000 people were told to leave their flood-endangered homes in Western Washington Thursday as rain and high winds lashed much of Washington, causing widespread avalanches, mudslides, and high water that could reach record levels. Throughout Washington, 62 highways are closed, including all passes in the Cascade Range. The state is beginning the process of shutting down a 20-mile stretch of Interstate 5 in Lewis County. The National Weather Service says 22 rivers are at or above flood stage and major flooding is expected on 19. State emergency officials said voluntary evacuations were recommended for the southwest Washington cities of Naselle, Packwood, and Randle. Many roads are underwater and closed to traffic. The Transportation Department says portions of I-5 in Lewis County could go under water. Avalanches and the risk of more slides closed Interstate 90, Washington’s principal east-west route, through Snoqualmie Pass, as well as U.S. Highway 2 through Stevens Pass and U.S. 12 through White Pass. With State Routes 20 and 410 closed for the season, the only road access between the two sides of the state within Washington was winding, two-lane Highway 14 through the Columbia River gorge. U.S. 97 was closed by slides at Blewett Pass, between Leavenworth and Ellensburg, and 200 to 300 feet of the northbound lane was washed away by flooding from Peshastin Creek. Source:

 According to Reuters, an outbreak of salmonella food poisoning has made 388 people sick across 42 states, sending 18 percent of them to the hospital, U.S. health officials said on Wednesday. (See item 16)

16. January 7, Reuters (National) Salmonella outbreak sickens 388 across U.S.: CDC. An outbreak of salmonella food poisoning has made 388 people sick across 42 states, sending 18 percent of them to the hospital, U.S. health officials said on January 7. The

U.S. Centers for Disease Control and Prevention (CDC) is trying to trace the source of the outbreak, which began in September. The Department of Agriculture, state health officials, and the Food and Drug Administration are also involved. The CDC said poultry, cheese, and eggs are the most common source of this particular strain, known as Salmonella typhimurium. “It is often difficult to identify sources of foodborne outbreaks. People may not remember the foods they recently ate and may not be aware of all of the ingredients in food. That is what makes these types of investigations very difficult,” said a CDC spokesman. The CDC spokesman did not specify how many people were hospitalized, but the percentage he gave puts that figure at about 70. Source:


Banking and Finance Sector

6. January 8, San Francisco Chronicle – (National) Can Madoff payouts break the insurance bank? The Securities Investor Protection Corp. (SIPC) insures brokerage accounts for up to $500,000 each when customer assets are stolen or missing. But if

clients of Bernie Madoff wipe out the insurance fund, will there be any protection for everyone else? In interviews and congressional testimony this week the SIPC’s chief executive could not rule out the possibility that its resources might be exhausted by victims of Madoff’s alleged $50 billion Ponzi scheme. SIPC appears to have $4 billion to $4.5 billion in assets and lines of credit to draw upon. If the insurance fund ran out of money, SIPC probably would turn to Washington for help. Although it was created by a federal statute, SIPC — unlike the Federal Deposit Insurance Corp., which insures bank deposits — is not a U.S. government agency nor backed by the U.S. government. Source:

7. January 7, Forbes – (National) FDIC unnationalizes some debt. Signs of life in the U.S. mortgage market emerged January 7, after the federal government inked a deal to let a private company service a portfolio of loans that had been owned by a failed Nevada bank. The deal could serve as a model for the government to put nationalized mortgages into efficient private hands, and it gives an indication of how much investors might be willing to pay: half of face value or less. Private National Mortgage Acceptance, a private-equity firm that likes to be known as PennyMac, said it had purchased residential loans worth nearly half a billion dollars from the Federal Deposit Insurance Corp. (FDIC). It refused to say what it paid, but its chief said in a television interview that the price was 30 to 50 cents on the dollar. The debts originally belonged to the First National Bank of Nevada, which went bust in July of last year and has since been in receivership. Asset Manager Blackrock has a sizable stake in PennyMac and served as an adviser on the deal. The FDIC has been pulling a growing number of belly-up lenders and their problem loans onto its balance sheet as the U.S. subprime mortgage mess, made worse by the global financial crisis it spawned, deepens with falling home prices and rising loan delinquencies. This sale is the first of its kind as the U.S. government enters a profit-sharing venture with a private investor in order to get troubled loans it does not want to manage off its books. Source:

Information Technology

30. January 8, heise Security – (International) Intel’s Trusted Execution Technology hacked in the alpha stage. At the Black Hat DC 2009 conference, a rootkit expert and the chief executive of Invisible Things Lab plans to show how to get around Intel’s Trusted Execution Technology (TXT). She has already published a press release describing a two-stage attack on the safeguarded tboot boot loader which, however, is still only available in an alpha version. The security hole is currently of almost no practical importance, since there is scarcely a computer in use that takes advantage of TXT, despite its introduction nearly two years ago under the name LaGrande Technology. Still, she garnered much respect with her Blue Pill rootkit and her “Owning Xen” Xen attack, and the TXT hack points out fundamental vulnerabilities in Intel’s highly complex Trusted Execution concept. These attacks on TXT and Xen show that virtualization involves significant new security risks — the hypervisor runs on the CPU with even higher rights than Ring 0 code — one might say that the VM runs in “Ring 1.” At the same time, entries on AMD and Intel processor errata lists relating to the new virtualization commands are piling up. It is no wonder then that manufacturers are factory-disabling VT-x and AMD-V in many BIOS setups. Source:

31. January 7, InformationWeek – (International) LinkedIn profiles link to malware. Scammers use celebrity names and provocative content to entice LinkedIn users to click on malicious URLs. Malicious user profiles, which have long plagued consumer-oriented social networking sites like MySpace and Facebook, are now appearing on more professionally oriented social networking sites. Earlier this week, a Trend Micro security researcher found several fake LinkedIn profiles that have appropriated the names of celebrities to spread malware. A senior vice president of marketing, KickApps, discusses the vendor’s hosted social media platform, which lets Web publishers add social networking functionality — online communities, user-generated content, programmable video players, widgets for con. The scammers use provocative content descriptions in profile name fields to entice visitors to click on malicious URLs placed in the profile’s Web site section. Doing so downloads malicious Trojan software. LinkedIn did not immediately respond to a request for comment. Trend Micro says that cybercriminals buy and sell preregistered profile accounts on social networks as launchpads for attacks. This happens on other trusted sites and services as well, because exploiting trust is the key to a successful social engineering attack. Source: 12701154&subSection=Cybercrime

Communications Sector

Nothing to report