Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, April 2, 2009

Complete DHS Daily Report for April 2, 2009

Daily Report


 According to the Associated Press, Atlantic Southeast Airlines has grounded 60 jets for engine safety inspections. Only 50-seat Bombardier CRJ200 jets were affected. (See item 13)

13. April 1, Associated Press – (National) Regional carrier ASA grounds jets for inspections. Regional air carrier Atlantic Southeast Airlines (ASA) has grounded 60 jets for engine safety inspections. An ASA company spokeswoman said March 31 an internal audit revealed concerns about whether the planes’ engines had been inspected according to the engine manufacturer’s recommendations. The company self-reported the problem to the Federal Aviation Administration and voluntarily grounded the planes so they could be re-inspected. Only 50-seat Bombardier CRJ200 jets were affected. Source:

 United Press International reports that spices produced by the Union International Food Co. plant in California have been linked to 42 possible salmonella cases in four states, including 33 in California. (See item 16)

16. April 1, United Press International – (California) Calif. plant’s spice linked to salmonella. California health officials added Uncle Chen pepper Tuesday to a list of spices from a Union City plant that may carry salmonella. Union International Food Co. spices have been linked to 42 possible salmonella cases in four states, including 33 in California, the state Department of Public Health said. The company’s product line includes spices for Asian foods. White and black pepper sold under the Uncle Chen brand name was added to the list Tuesday. Last week, the department warned of risk from spices sold under the Lian How name, including black, white, and cayenne pepper, paprika, chopped onion, onion powder, garlic, whole peppers, curry powder, mustard powder, and wasabi powder. Union International has initiated a voluntary recall of the spices. Source:


Banking and Finance Sector

8. April 1, Associated Press – (International) London bankers like subtle look amid G20 protests. The normally suited-and-booted bankers of the City — the square mile which makes up London’s main financial center — ditched their business attire for a more casual look, in an attempt to avoid confrontation with thousands of protesters who flooded the area. The change came after London’s Chamber of Commerce suggested the City’s denizens forego tailored suits and polished loafers for jeans and T-shirts on the day of protests ahead of the Group of 20 summit. Thousands of protesters converged in the sunshine in front of the Bank of England’s imposing edifice, surrounded by a ring of police. The group G-20 Meltdown organized four parades representing the “four horsemen of the apocalypse” — war, climate chaos, financial crimes, and homelessness. Violence did flare: Windows were smashed at the Royal Bank of Scotland (RBS), which was part-nationalized by the British government after a massive bailout. And bankers themselves appear to have recently been targets. The Edinburgh home of the former head of RBS, who resigned in disgrace but with an annual pension of about 700,000 pounds, was attacked by vandals. In the United States, death threats have been made against AIG executives since a controversy broke over bonuses paid with taxpayer bailout money. Source:



9. April 1, Tyler Morning Telegraph – (Texas) Telephone scam collects banking information. The Wood County Sheriff’s Office is warning citizens of a computer/telephone scam involving a local bank. “Several cell phones and landline phones have received a message stating ‘This is Mineola Community Bank and your ATM debit card needs to be reactivated.’ The computer requests that you press 1 and this is when all of your information is gathered by the people attempting to scam you,” the sheriff’s office states. Source:

10. April 1, Baxter Bulletin – (Arkansas) Telephone scam targets local bank customers. Warnings of a telephone scam targeting customers of First National Bank & Trust of Mountain Home were issued by the bank on March 31. The First National director of marketing said the scam uses an automated telephone message to inform the call receivers of a security breach in their automated teller machine (ATM) cards and directs the receiver to key in their card numbers and personal identification numbers using the telephone key pad. The director said the scammers clearly do not have a list of the bank’s customers. The scam calls apparently go out randomly to many people in the area who are not customers of the bank with the intent of finding a few of the targeted bank’s customers who will unwittingly supply the card and ID numbers needed to exploit a bank account. The director said it is important for First National account holders to remember that the bank will never call seeking account numbers and personal identification numbers. The bank already has that information. He said account holders should avoid furnishing personal identification numbers over the telephone. Source:

11. March 31, Reuters – (National) U.S. panel backs FDIC borrowing, credit card reforms. A key U.S. Senate panel on March 31 backed proposals to reform credit card practices and increase the authority of regulators to borrow from the Treasury Department to deal with a slew of expected bank failures. By a 12-11 vote, the Senate Banking Committee narrowly approved a bill aimed at cleaning up unfair and deceptive practices by credit card companies criticized for surprising customers with fees and unilaterally changing terms. The bill, which was introduced by the committee’s chairman, also contains two provisions aimed at increasing the borrowing authority of regulators, the Federal Deposit Insurance Corp. and the National Credit Union Administration. The provisions, introduced by a Senator from Idaho, would increase the FDIC’s borrowing authority to $100 billion from the current $30 billion to deal with banks and increase the NCUA’s limit to $6 billion from $100 million for nonprofit credit unions. The provisions also allow the agencies to exceed the new limits through the end of next year for up to $500 billion for the FDIC and $18 billion for the NCUA in the event of extraordinary circumstances. A House subcommittee is expected to take up its own credit card bill on April 1. Source:

12. March 31, WMUR 9 Manchester – (Massachusetts) Protest dummy scare shuts down Boston Square. Several streets around Kenmore Square in Boston were closed on March 31 after a group chained a protest dummy to a bank. The Boston Police Bomb Squad was called to the Commonwealth Avenue Bank of America after a dummy was chained to the bank door, locking customers inside, Boston station WCVB reported. The dummy, wearing a sweatshirt, jeans, and a sign about “climate chaos,” was pulled from the Bank of America building and dismantled. Mannequins for Climate Justice took responsibility for the incident in a press release to protest “the fossil fuel industry and its collaborators who are destroying the Earth.” Source:

Information Technology

28. April 1, SC Magazine – (International) Phishing accounts for half of all malware. Phishing attacks are now accounting for over 50 percent of all virus threats. According to research by Network Box, this is the highest percentage of malware so far this year, up from 33 percent in February. An Internet security analyst at Network Box said: “A poor economy means greater numbers of disgruntled employees, desperate individuals trying to make money and increased opportunity as we become more technologically enabled. “It really is time to review the basics of corporate security. Whenever an economy is depressed, the instances of cybercrime, just like burglaries, increase. Time spent now on educating employees, checking your internet use policy, and applying some common sense security measures will pay dividends through the coming months.” Source:

29. March 31, IDG News Service – (International) Conficker activation passes quietly, but threat isn’t over. An expected activation of the Conficker.c worm on April 1 passed without incident, despite sensationalized fears that the Internet itself might be affected, but security researchers said users are not out of the woods yet. “These guys have no designs, I think, on taking down the infrastructure, because that would separate them from their victims,” said a threat researcher at antivirus vendor Trend Micro Inc., calling the technology and design of Conficker.c “pretty much state of the art.” “They want to keep the infrastructure up and in place to make it much harder for good guys to counter and mitigate what they have orchestrated,” he said. Conficker.c was programmed to establish a link from infected host computers with command-and-control servers at midnight on April 1. To reach these control servers, Conficker.c generates a list of 50,000 domain names and then selects 500 domain names to contact. That process has started, researchers said. Exactly how many computers are infected with Conficker.c is not known, but the estimated number of systems infected by all variants of the Conficker worm exceeds 10 million, making this one of the largest botnets ever seen. While infected computers have started reaching out to command servers as expected, nothing untoward has happened. “We have observed that Conficker is reaching out, but so far none of the servers they are trying to reach are serving any new malware or any new commands,” said a security strategist at McAfee Avert Labs in Germany. Source:

30. March 31, DarkReading – (International) Attack of the mini-botnets. Big-name botnets like Kraken/Bobax, Srizbi, Rustock, the former Storm, and even the possible botnet-in-waiting, Conficker, have gained plenty of notoriety, but it is the smaller and less conspicuous ones not seen that are doing the most damage in the enterprise. These mini-botnets range in size from tens to thousands versus the hundreds of thousands, or even millions, of bots that the biggest botnets deploy. They are typically specialized and built to target an organization or person, stealing corporate and personal information, often without a trace. They do not attract the attention of the big spamming botnets that cast a wide net and generate lots of traffic; instead they strike quietly, under the radar. “There is definitely specialization [in botnets] these days,” says a senior director of malware research for SecureWorks. “There are botnets designed for fraud, and they have been around for a while and do not seem to cross over [with the bigger spamming botnets],” he says. These mini-botnets specialize in identity theft, fraud, and stealing corporate information, and are much more difficult to spot and infiltrate than a big spamming botnet. “We have to rely on the few anecdotal instances, where we have managed to get a look at the back-end,” the director says. The vice president of engineering at Damballa says most of the bots his company finds within its enterprise clients’ networks are from obscure botnets, not the big spamming zombie networks. Spam-bot infections account for only about 2 percent of the compromised bot machines Damballa has uncovered, while 20 percent are bots used for targeted, malicious purposes, like data theft or fraud, he says. The other 75 to 80 percent are from blended threats, multipurpose Trojans, downloaders, and worms for various purposes. Source:

Communications Sector

31. March 31, Salisbury Post – (North Carolina) Time Warner: Power outage caused interruption in cable service. On March 30 at 9:24 p.m., all the Time Warner channels (except local feeds) went into freeze frame for close to two hours. Whatever was on a cable channel at the time of a Duke Energy power outage remained locked on that channel during the service interruption. The director of media relations for Time Warner Cable in the Carolinas said the service interruption occurred when power was lost to Time Warner’s main service site in Salisbury. When outages to the site occur, backup generators are supposed to kick in, but those generators did not work the night of March 30. It took until about 11:30 p.m. for the generator problem to be fixed, she said. During the restoration efforts, customers may have received a signal for a while but then lost it again. Only the subscribers served from the Salisbury station were affected. Source: