Department of Homeland Security Daily Open Source Infrastructure Report

Monday, March 9, 2009

Complete DHS Daily Report for March 9, 2009

Daily Report


 The Air Force Times reports that inspections were ordered for the C-130 fleet after routine depot maintenance on March 4 of a C-130 at Georgia’s Robins Air Force Base found cracks on some of the plane’s upper right wing barrel nuts. The total number of C-130s needing wing inspections is 596. (See item 9)

9. March 6, Air Force Times – (National) C-130Js added to wing inspection list. The Air Force’s fleet of C-130J Hercules is part of the ongoing inspection of the C-130 fleet, Air Mobility Command (AMC) said on March 6. The 68 J-models brings the total number of C-130s needing wing inspections to 596. Along with the C-130s used to fly cargo and passengers, the inspection orders applies to combat C-130s flown by Air Force Special Operations Command and Air Combat Command. Maintainers at C-130 installations were told on March 5 to check for defective nuts that help attach the plane’s wings to the fuselage section called the wing box. The planes are not grounded but can not fly until checked, a process that takes about four hours, said an AMC spokesman at Scott Air Force Base in Illinois. The inspections are expected to be completed soon, he said. The inspections come after routine depot maintenance on March 4 of a C-130 at Georgia’s Robins Air Force Base found cracks on some of the plane’s upper right wing barrel nuts. Initial inspection involved only the older “legacy” models, and not the newer C-130J, which first came on line in 1999, he said, but they were added to the list on March 6. Other branches of the U.S. military and dozens of other countries use the aircraft. A specialist on the C-130 program at manufacturer Lockheed Martin in Marietta, Georgia did not immediately return telephone messages on March 5. According to Air Force data, the C-130 became operational in December 1956. More than 2,000 aircraft in 70 variants and five basic models have been produced. Source:

 According to the Associated Press, a natural-gas explosion on March 5 destroyed several historic buildings in downtown Bozeman, Montana. (See item 38)

38. March 6, Associated Press – (Montana) Explosion shakes Bozeman. One woman remained missing on March 5 after a natural-gas explosion on East Main Street shook downtown Bozeman, leaving several historic buildings demolished. No other casualties or injuries were reported, although local historians said the destruction was the largest from a single incident in Bozeman in a century. The explosion was still under investigation on March 5, and authorities speculated it would be days before they would be able to pinpoint a cause. The explosion at 8:12 a.m. on March 5 destroyed several businesses on the 200 block of East Main Street between North Bozeman and North Rouse avenues. Officials said it was too early to accurately estimate the cost to repair the damage, although that figure will certainly be in the millions. The Bozeman Police chief said on March 5 that he had decided to use the National Guard to help with security during the recovery operations. Source:


Banking and Finance Sector

11. March 6, Washington Post – (National) FDIC to trim emergency fees. The head of the Federal Deposit Insurance Corp. has agreed to halve a new emergency fee on U.S. banks in exchange for Congress more than tripling the agency’s borrowing authority to tap federal aid if needed to replenish the deposit insurance fund. Word of the move by the FDIC chairman came days after she warned that the fund insuring Americans’ deposits could be wiped out this year without the new fees on U.S. banks and thrifts. Banks, especially smaller community banks, have been chafing over the new insurance fees, saying they will place an extra burden on an already struggling industry. The chairman is agreeing to cut the new emergency premium, to be collected from all federally-insured institutions on September 30, to 10 cents for every $100 of their insured deposits from the 20 cents the FDIC approved recently. That compares with an average premium of 6.3 cents paid last year. Source:

12. March 4, Investment News – (National) Audit: Regulators saw red flags at First National. Federal banking regulators knew as far back as 2002 about problems at First National Bank Holding Co.’s banks in Arizona, California and Nevada but failed to act until shortly before their demise last year, auditors said on March 4. The criticism of the U.S. Office of the Comptroller of the Currency (OCC) by the Department of the Treasury’s inspector general echoed its blast last month of the U.S. Office of Thrift Supervision for lax oversight of IndyMac Bancorp. Inc. The two reports are likely to fuel moves in Congress for a toughening of federal banking oversight. First National Bank of Scottsdale, Arizona, which described itself as the Southwest’s largest privately held family-owned banking institution, incurred significant losses from its commercial and residential real estate loans, the report said. The banks’ management failed to address repeated regulatory concerns about their underwriting, loan concentrations and accounting. Regulators said the executives “directly caused” the banks’ problems, according to the report. Yet the OCC failed to act for six years, auditors said. “We believe that OCC should have taken formal enforcement action much sooner and was not aggressive enough in the supervision of the banks when problems first arose,” the inspector general report said. Source:

13. March 4, Reuters – (International) Attackers throw firebombs at bank in Athens. Arsonists threw gas canisters and firebombs at a bank branch office in Athens on March 4, causing serious damage to the building but no injuries, Greek police said. There has been an outbreak of violence since the police shooting of a 15-year-old boy in December, which sparked Greece’s worst riots in decades. “The devices exploded, causing a fire, which seriously damaged the Piraeus Bank branch in the northern Athens suburb of New Psychico,” a police official said on condition of anonymity. Police said they had received no warning for the attack. Last month, Greek police defused an explosive device outside Citibank’s headquarters in a northern Athens suburb. Source:

Information Technology

35. March 5, CNET News – (International) Report: Firefox buggier, but issued fixes quicker. Mozilla reported more vulnerabilities in its Firefox Web browser last year than Internet Explorer, Safari, and Opera combined, but Mozilla dealt with those flaws quicker than Microsoft, according to a new a report by vulnerability-testing company Secunia. Firefox had 115 reported flaws in 2008, nearly four times as many as every other popular browser, and nearly twice as many as Microsoft and Apple combined, according to browser vulnerability research (PDF) released the week of March 2-6. In comparison, Microsoft reported 31 flaws in IE, Apple reported 32 in Safari, and Opera reported 30. However, the report found that Mozilla was quicker to patch Firefox’s flaws that were disclosed publicly without vendor notification compared with Microsoft. These “zero day” vulnerability disclosures contain information that can be used by attackers to write exploits for the flaw. The longer it takes vendors to release an update that repairs the vulnerability, the longer users of the browser are at risk. Source:

Communications Sector

36. March 5, CNET News – (International) 4G race gaining speed, data says. Twenty-six operators are committed to the long-term evolution 4G standard, according to research released the week of March 2-6 by the Global Mobile Suppliers Association. While the forum for GSM and 3G suppliers worldwide decidedly has a stake in promoting LTE, the number indicates growing momentum for the standard, which promises download data rates of at least 100Mbps. Fierce competition has arisen to become the world’s first LTE operator in an arena regarded as the next generation of mobile phone service and a huge draw for customers. Ten network operators are ready to launch their networks by 2010, according to the report. In the United States, these include Verizon, which committed to 4G at the 2009 GSMA Mobile World Congress in Barcelona in February; MetroPCS; and CenturyTel. TeliaSonera in Sweden and Norway has signed on. In Japan, NTT DoCoMo and KDDI are onboard, and in Canada, it is Rogers Wireless, Telus, and Bell Canada. Sixteen more telecommunications companies will launch their LTE 4G services after 2010. With earlier launches of new mobile-network standards, handset availability has been a limiting factor for the commercial launch of the service. In the GSA report, two mobile players have already predicted release dates of their LTE phones. Sweden’s Ericsson says it will have an LTE-capable platform for commercial release in 2009 and will deliver mobile products based on the platform in 2010. South Korea’s LG has announced that its first LTE mobile phones will likely reach the market in 2010. For users, 4G wireless technology is primarily about higher data rates to match the increasing capabilities being offered by phones. But consumers probably will not experience the full impact of 4G until 2012 or 2013, when Strategy Analytics forecasts that the global LTE handset market will increase from 70 million sales units to 150 million. Source:

37. March 5, DarkReading – (International) Next generation ‘war-dialing’ tool on tap. War-dialing is back, and it is not limited to finding modems anymore. A renowned researcher is putting the final touches on his latest project, a telephone auditing tool that also finds PBXes, dial tones, voicemail, faxes, and other phone line connections for security assessment, research, or inventory. The so-called WarVOX is free, Linux-based software (no telephony hardware necessary) that uses voice over IP services to place calls. It looks at the audio in a call and is much faster than old-school war-dialing, scanning more than 1,000 phone numbers per hour over a residential broadband connection, and up to 10,000 in eight hours. The researcher says WarVOX is aimed at security auditors and penetration testers looking for a faster and cheaper way to detect phone system vulnerabilities. “Right now, the target audience for WarVOX is anyone who currently uses legacy war-dialing tools and is frustrated by the amount of time and money it takes to perform the audit,” the researcher says. Traditional war-dialing has been on the decline in the broadband age. “Most security service providers that offer penetration tests still perform war-dialing for their clients. However, as a rule war-dialing has been a declining trend as fewer and fewer systems are left connected to modems,” he says. WarVOX, he says, is simple to use and can provide a wealth of security information for organizations looking at their phone-line security posture. PBX voice system lines, for example, can harbor security holes that could put an enterprise at risk. Source: