Department of Homeland Security Daily Open Source Infrastructure Report

Monday, March 2, 2009

Complete DHS Daily Report for March 2, 2009

Daily Report


 According to the Associated Press, a report by the Homeland Security Department’s Inspector General says the Transportation Security Administration has too few inspectors to make sure rail and mass transit employees are doing enough to guard against terrorists. (See item 10)

10. February 27, Associated Press – (National) Report: More agents needed to secure mass transit. The agency responsible for transportation security has too few inspectors to make sure rail and mass transit employees are doing enough to guard against terrorists, a government report says. The report by the Homeland Security Department’s Inspector General, due out February 27, says the Transportation Security Administration’s request for 102 more inspectors is insufficient to get the job done right. The review of TSA’s inspection program, obtained by the Associated Press, was conducted between last year February and July. The TSA has 175 inspectors assigned to assess transportation security for bus and mass transit systems, and many were hired without any experience with mass transit systems, the report said. Intelligence officials have said that mass transit systems are vulnerable to terrorist attacks because the systems are open, easily accessible and have advertised schedules. Source:

 The Toledo Blade reports that authorities are unsure what sparked a three-alarm fire Thursday that damaged the Fry Foods production plant in Seneca County, Ohio. A plant manager said he contacted the Ohio Department of Agriculture to evaluate what food inside the plant had been contaminated. (See item 15)

15. February 27, Toledo Blade – (Ohio) Fire damages Tiffin food plant. Authorities are unsure what sparked a three-alarm fire February 26 that damaged a long-standing food production plant in Tiffin in Seneca County. The fire started underneath a deep fryer at Fry Foods about 8:30 a.m., prompting the evacuation of about 40 first-shift employees. The fire quickly spread to the roof and then to a storage room filled with onions and cooking oil, which fueled the flames, the Tiffin fire chief said. The chief said about a quarter of the 55,000-square-foot building was damaged, and there also was damage to the roof. A plant manager said he contacted the Ohio Department of Agriculture to evaluate what food inside the plant had been contaminated. He was unsure how the fire would affect production, but said some work could be shifted to a sister plant in Idaho if needed. Source:


Banking and Finance Sector

7. February 27, Bloomberg – (National) Citi gets third rescue as U.S. plans to raise stake. The U.S. government ratcheted up its effort to save Citigroup Inc., agreeing to a third rescue attempt that will cut existing shareholders’ stake in the company by 74 percent. The stock fell as much as 37 percent. The Treasury Department said it would convert as much as $25 billion of preferred shares into common stock provided private holders agree to the same terms, the government said in a statement on February 27. The conversion would give the United States a 36 percent stake in the New York-based company. “We’re in these dire conditions, and this is a restructuring of a troubled company,” a CreditSights Inc. analyst said. “Common shareholders are severely diluted.” Increased government involvement complicates the chief executive officer’s attempt to restore confidence in the company after the stock sank to the lowest in 18 years. The government is supporting Citigroup because of concern its failure might roil weak global markets. The United States does not immediately intend to inject additional money after channeling $45 billion to Citigroup last year. The bank, which last year slashed its quarterly dividend to 1 cent a share, said on February 27 the payout will be eliminated. It also took an accounting charge related to the plummeting value of some businesses, swelling its record 2008 loss to $27.7 billion, or 48 percent larger than reported a month ago. Source:

8. February 27, Bloomberg – (National) FDIC weighs one-time ‘emergency’ fee on banks to boost reserves. The Federal Deposit Insurance Corp. (FDIC) will consider imposing a one-time “emergency” fee and increase regular fees on U.S. banks to replenish a fund for insuring customers’ deposits that has been drained by a surge in bank failures, the agency said. FDIC staff members at a board meeting on February 27 in Washington will recommend charging banks an “emergency special assessment” in response to an estimate that bank failures could cost the fund $65 billion through 2013, according to a memo outlining the proposal. The added fees are projected to generate $27 billion this year, compared with the $3 billion raised in 2008, the FDIC said. “Recent and anticipated failures have significantly increased losses to the deposit insurance fund,” the memo said. The deposit insurance fund fell to $18.9 billion in the fourth quarter from $34.6 billion the preceding three-month period, the FDIC said on February 26. The fund, used to reimburse customers for deposits up to $250,000 when a bank fails, has been shrunk by 39 failures since the beginning of 2008. The FDIC is required by law to replenish the fund when the reserve ratio, or fund balance divided by insured deposits, falls below 1.15 percent. It stood at 0.40 percent at the end of the fourth quarter, the lowest level since the second quarter of 1993, the agency said on February 26. Source:

9. February 26, CNN Money – (National) Problem bank list tops 250. The government’s closely watched list of troubled banks grew during the fourth quarter to its highest level since 1994, regulators said on February 26. The Federal Deposit Insurance Corp. (FDIC) reported that the number of firms on its so-called “problem bank” list grew to 252 during the last three months of 2008, compared with 171 banks making the list in the prior quarter. “There is no question that this is one of the most difficult periods we have encountered during the FDIC’s 75 years of operation,” the agency chairman said February 26. Problem banks typically face difficulties with their finances, or are suffering through operations or management issues that pose a threat to their existence. The institutions that wind up on the list are considered the most likely to fail, although few of them actually reach that point. On average, just 13 percent of banks on the FDIC’s problem list have failed. Source:

Information Technology

28. February 27, Search Security – (International) Conficker’s pwned computers could be sold in chunks. Researchers who conducted extensive analysis of the Conficker/Downadup worm found that it is flexible enough to bypass the traditional way a worm receives a payload, and many researchers agree that the most lucrative move for the worm’s author is to divide the botnet into pieces and sell it off to the highest bidder. Once sold, the new botnet owner can better target a specific segment and deliver new commands to harvest data such as passwords and account information from a geographic location or a targeted audience. “There’s been surgical changes made,” said a representative of SRI International, whose research report recently addressed the peer-to-peer update method that Conficker could use to get its marching orders. The representative said he thinks the cybercriminals behind Conficker could use a backdoor rather than the domain generation algorithm being closely monitored and proactively blocked by a coalition of Internet security and DNS organizations. A feature in the worm’s coding allows local and remote processes to communicate information to the Conficker process. It allows an external host to connect and upload commands much like data exchanging in peer-to-peer file sharing. The peer-to-peer update method gives Conficker an alternative path which bypasses the use of Internet rendezvous points. The representative wrote in his report that the Conficker’s authors are moving “away from a reliance on Internet rendezvous points to support binary update and toward a more direct flash approach.” Source:

29. February 27, – (International) Malware writers exploit Google Trend. Malware distributors are taking advantage of Google Trends to earn top billing for their pages, according to security experts. Researchers at McAfee’s Avert Labs said that a number of malicious pages have seen their Trend ranking artificially enhanced so that the pages will be returned as top results for a number of Google searches. The McAfee senior threat researcher said that the malware writers appear to be using the Google service to find the most popular current search topics, then loading the pages with keywords and text to show up on result pages for those terms.” One thing they are doing is to pull the content off the pages that are already ranked high, which makes it a little more transparent when you see the search results,” said the researcher. After clicking on one of the malicious links, the user is redirected to a page which will attempt to exploit a three-year old vulnerability in Internet Explorer, as well as a number of fake ‘alert’ pop-ups designed to trick the user into installing rogue security software. The researcher suggests that users exercise extra caution when clicking on search results and avoid following links to unknown or suspicious domains. Source:

Communications Sector

30. February 27, Reuters – (International) U.S. satellite shootdown debris said gone from space. No debris remains in space from the U.S. destruction a year ago of an errant spy satellite loaded with toxic hydrazine fuel, the head of the Pentagon’s Strategic Command said. By contrast, some of the debris caused when China used a ground-based ballistic missile to destroy one of its defunct weather satellites will stay in orbit for another 80 or 90 years, said an Air Force general, the command’s chief. “Every bit of debris created by that (U.S.) intercept has de-orbited,” the general told a symposium on air warfare hosted by the U.S. Air Force Association in Orlando, Florida, on February 26. The U.S. military used a ship-launched Raytheon Co Standard Missile-3 missile to destroy a crippled National Reconnaissance Office satellite on February 20, 2008. It was shot apart at an altitude of about 130 miles. Space junk is a threat to the 800 or so commercial and military satellites estimated to be operating in space as well as to the International Space Station. The Strategic Command, which coordinates U.S. military operations in space, said it is now tracking about 2,200 pieces of orbiting junk created by the Chinese anti-satellite demonstration in January 2007. The general, in a follow-up session with reporters, said the last bits of debris from the U.S. intercept, which he said had been codenamed Burnt Frost, de-orbited as early as last July or August 2008. Source:

31. February 26, Associated Press – (Arizona) FBI probe shuts down 2 cable companies. Two Arizona cable companies have been shut down as part of an ongoing federal investigation into the misuse of satellite transmissions. The FBI searched the Phoenix-area offices on February 25 of Eagle West Communications Inc. and Indevideo Cable Co. The companies serve the Grand Canyon and rural northern Arizona, where customers lost some or their entire cable broadcast. A U.S. Attorney’s Office spokeswoman says the companies were targeted in connection with allegedly re-labeling and distributing satellite transmissions as part of their cable broadcast. The investigation included the execution of search warrants on 21 offices and transmission facilities in Arizona and other states. It was unclear when service would be restored to customers of Eagle West and Indevideo. Source: