Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, February 19, 2009

Daily Report


According to the Associated Press, officials estimate nearly 300,000 gallons of sewage will have leaked into San Francisco Bay by the time a leaking pipe at a Sausalito, California, treatment plant is repaired. The leak began around 1 p.m. on Tuesday. (See item 21)

21. February 18, Associated Press – (California) Sausalito sewage spill likely to leak up to 300,000 gallons. Officials estimate nearly 300,000 gallons of sewage will have leaked into San Francisco Bay by the time a leaking pipe at a Sausalito treatment plant is repaired. The general manager of the Sausalito-Marin City Sanitary District says the leak is coming from a 23-year-old pipe at the agency’s Fort Baker treatment plant. A spokesperson says the leak began around 1 p.m. February 17, but because the pipe is under water, repairs were not expected to begin until low tide February 18. He added that rough surf could have contributed to the break in the pipeline. Signs warning people to stay out of the water are posted along the Fort Baker shoreline. The water is expected to remain off-limits for the next several days. Source:

The Associated Press reports that a second soldier stationed at the Army’s Fort Leonard Wood base in Missouri has died of meningitis, officials said on Tuesday. Another soldier from the base died on February 9. Both soldiers had a non-contagious form of meningitis. (See item 28)

28. February 17, Associated Press – (Missouri) 2nd soldier at Missouri base dies of meningitis. A second soldier stationed at the Army’s Fort Leonard Wood base in Missouri has died of meningitis, officials said Tuesday. Leonard Wood officials said the soldier died Tuesday at a hospital in Springfield. Another soldier from the base died February 9. Base officials said both soldiers had a non-contagious form of meningitis. The federal Centers for Disease Control and Prevention sent four representatives to investigate. Base officials said they were increasing soldiers’ awareness of preventive measures, reminding them to wash their hands, avoid sharing utensils, and to use proper cough etiquette. Meningitis can be caused by a bacterial or viral infection. The viral form is generally less severe. Bacterial meningitis can result in brain damage, hearing loss, learning disability, and death. Source:


Banking and Finance Sector

11. February 18, Wall Street Journal – (Texas) SEC accuses Texas financier of ‘massive’ $8 billion fraud. The Securities and Exchange Commission (SEC) charged a suspect with an $8 billion fraud centered on the sale of certificates of deposit, saying the businessman deceived investors by promising high and seemingly safe returns. As the SEC charges were made public on February 17, U.S. marshals and Federal Bureau of Investigation (FBI) agents raided the suspect’s offices in Houston. The SEC said that Stanford Investment Bank sought to lull investors into thinking their investments were safe, providing assurances that the bank invested the money in liquid financial instruments that were monitored by a team of more than 20 analysts. But those assurances were false, the SEC said. Instead of ultra-safe investments, a substantial portion of the portfolio was placed in real estate and private equity, the SEC said. The investments were not monitored by a team of analysts, but instead by two people, the suspect and the chief financial officer of the bank. The SEC said the suspect sold about $8 billion of the certificates of deposit. The agency also accused the suspect of fraud connected with the sale of a mutual-fund program with reported assets of more than $1.2 billion. The SEC said the suspect and three of his companies claimed to have received double-digit returns on investments for the past 15 years, but the returns were “improbable” and unsubstantiated. Source:

12. February 18, Financial Wire – (Nevada) Community Bank of Nevada customers hit by text message scam. Community Bancorp’s Community Bank of Nevada unit said that a text message sent to both customers and non-customers was a text phishing scam. The company said that a text message was sent on February 13 by an unidentifiable source, disguised as Community Bank of Nevada, in an attempt to collect sensitive financial information. The Community Bank CEO said, “We are aware that over the past few weeks several financial institutions and their customers have fallen victim to these types of text phishing scams.” He added that the bank has put into place “many safeguards to protect our customers’ information.” He said that the company is investigating the issue and “hope to have it resolved quickly, minimizing any potential damage that may impact our customers.” The text message told the recipients that their debit card has been suspended and to call either a 1-866 or 1-800 number immediately. Community Bank of Nevada said it is currently working with the Federal Trade Commission to resolve this issue. Source:

13. February 17, DarkReading – (National) Wyndham Hotels hack exposes guest names, credit cards. Hotel chain Wyndham Hotels and Resorts (WHR) has revealed that a computer break-in late last summer at one of its franchise hotels exposed guest names and credit card data across 41 of its properties. Wyndham alerted customers who were affected by the breach just before Christmas, but is now going public with details of the hack. An attacker used a “centralized network connection” at one WHR franchise to access and download information from several WHR properties, and only WHR hotels were affected in the breach, according to the hotel chain, which first discovered the breach in mid-September. The hotel chain says guest and cardholder names, account numbers, and payment card information were potentially exposed in the hack. The number of Wyndham customer accounts affected by the breach was reported as 21,000 when it was first made public in December 2008, according to the Open Security Foundation’s Data Loss database. The state attorney general of Florida on February 17 warned state residents affected by the breach to monitor their credit reports for unusual or suspicious activity. Wyndham says affected customers represent a cross-section of its global base. The breach was discovered after the hotel chain noticed “unusual activity” in one of its servers, which was used to siphon data to an “offsite URL,” according to Wyndham. Wyndham says a full investigation, including contacting law enforcement, took eight weeks, and the hotel chain had to match payment card data with contact information of its customers. Source:

Information Technology

36. February 17, CNET News – (International) New exploit targets IE 7 hole patched last week. Cybercriminals are exploiting a critical hole in Internet Explorer 7 that was patched recently by Microsoft, security firm Trend Micro warned on February 17. The malicious code, which Trend Micro named “XML_DLOADR.A,” is hidden in a Word document. On unpatched systems, when the file is opened, an ActiveX object automatically accesses a Web site to open a backdoor that installs a .DLL (dynamic link library) file that can steal information, according to a Trend Micro blog entry. The code sends stolen data to another Web address via port 443, Trend Micro said. As a result of the back door, “anybody can run commands on the affected system,” said a senior threat analyst and researcher at Trend Micro. Microsoft released a security patch for the vulnerability, and others, recently. The vulnerability arises from the browser’s improper handling of errors when attempting to access deleted objects. “It looks like a proof of concept or targeted attack,” the analyst said. The exploit is similar to politically motivated attacks that were seen before the Olympics last year in which PDF files and Word documents contained exploit code and automatically connected computers to malicious Web sites, he said. The site that victims are directed to appears to be in China, and there is Chinese terminology in the code, according to the analyst. That, and the fact that the 50th anniversary of the Tibetan uprising is approaching on March 10, suggest that this attack could be politically motivated as well, he said. Source:

Communications Sector

37. February 17, DarkReading – (International) Smartphone threats intensify. Security threats were bound to catch up with the proliferation of smartphones across the enterprise. More than half of mobile device-makers said their products experienced malware, voice, or text spam attacks last year, according to a newly published report from McAfee. Experts have long warned that smartphones, such as Windows Mobile and iPhone handsets, could become the new weakest link in the enterprise, with more users relying on them for accessing corporate email, surfing the Web, and other applications. “[Users] want to do everything on them,” said a Toronto-based independent consultant. “But they are [typically] completely bypassing the IT infrastructure.” They are also bypassing security, he says, putting sensitive corporate data at risk. McAfee’s report, which is based on a survey of 30-plus mobile device manufacturers from around the world, found these vendors are getting hit with more malware attacks than ever before. As a result, they are spending more money on recovering from them. Nearly 55 percent said network or service-capacity problems have ensued due to mobile security incidents — up from 25 percent in 2007. Around half said third-party application/content problems had plagued their devices last year, up from around 25 percent in 2007. Around 48 percent said their devices accounted for data loss problems, up from around 27 percent in 2007. Source:;jsessionid=OESIVE3O2JX5AQSNDLPSKHSCJUNN2JVN?articleID=214303555

38. February 17, Chicago Tribune – (National) 400 stations to go digital on Tuesday. At midnight on February 17, more than 400 broadcasters across the country plan to permanently shut off analog signals and air only digital programming. The change potentially could confuse television viewers who were expecting to have four more months to make the transition to digital TV, as was approved by Congress this month. Although Congress voted to delay the digital edict to June 12, the bill allowed stations to make the switch early with Federal Communications Commission approval. Stations that want to turn off analog signals can do so if they take steps to mitigate the effect and make viewers aware of the switch, the FCC said. For example, stations must ensure that at least one analog signal is on the air in their market, keep some sort of analog signal on air for 30 days after the switch, and step up efforts to inform the public about the change. Fifty-three stations said they would take such action and switch early, 10 are in limbo pending hardship appeals, and 43 said they would wait until June. All told, about one-third of the nation’s TV stations plan to switch by the original deadline. Source:,0,6673328.story