Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, May 21, 2009

Complete DHS Daily Report for May 21, 2009


Top Stories

• The Alamogordo Daily News reports that utility company PNM is still trying to determine the cause of a power outage on Tuesday morning after an estimated 31,205 customers in Alamogordo, Tularosa, and Ruidoso lost electricity. (See item 1)

1. May 20, Alamogordo Daily News – (New Mexico) Massive power outage occurs. PNM is still trying to determine the cause of a power outage during the morning on May 19 after an estimated 31,205 customers in Alamogordo, Tularosa and Ruidoso lost electricity, a spokesman said. A senior corporate communications representative said the outage started around 8:34 a.m., but all customers had power restored by 9:08 a.m. “One of our 115-kilovolt lines tripped,” he said. “The cause is still unknown, but our transmission staff is investigating it. We’re hoping the cause will be determined in a few days.” In Alamogordo and Tularosa, the power outage started at 8:34 a.m. with all power restored at 8:59 a.m. Ruidoso’s power was turned back on at 9:08 a.m. He said Alamogordo had 17,546 customers without power, Tularosa had 1,733, and Ruidoso had 11,926. “Despite having a fairly big outage, we were able to restore most customers in all three cities in 30 minutes,” the spokesman said. At Mountain View Middle School in Alamogordo, students had to be evacuated because of a fluorescent light short-out during the power failure. “It happened shortly after the outage,” an APS safety coordinator said. “Our maintenance people had to go around the school to check refrigerators and other electrical equipment, too.” An Alamogordo Department of Public Safety sergeant said the city had no major traffic accidents or incidents during the outage. Source:

• According to the Associated Press, a fire Monday at New York-Presbyterian Hospital/Columbia University Medical Center in New York City sent nearly 20 people to the emergency room and forced the evacuation of hundreds of patients and staff. (See item 30)

30. May 19, Associated Press – (New York) NYC hospital buildings evacuated after tunnel fire. A fire Monday at New York-Presbyterian Hospital/Columbia University Medical Center in New York City sent nearly 20 people to the emergency room and forced the evacuation of hundreds of patients and staff. Fire officials say the blaze started in an electrical panel in an underground tunnel and was under control about two hours later. Firefighters used fans to get smoke out of the building. About 300 people in an outpatient building and a support services building were evacuated. Source:


Banking and Finance Sector

12. May 20, Wichita Eagle – (Kansas) Texts about deactivated debit cards are a scam, officials warn. A text message scam affecting members of a credit union was reported in the Wichita area on May 19. So many people around Wichita have been getting similar text messages over the past few days that police stepped forward to warn people against the scam. A detective of the financial crimes section said the texts are simply a new form of “phishing,” in which crooks try to persuade unwitting targets to provide account information, PIN numbers and other data they need to steal money electronically. People who receive the scam text messages should report them on the FBI’s Web site, Source:

13. May 20, Montrose Daily Press – (Colorado) Phone scam worries local banks. A phone scam that hit Montrose and Delta in full force earlier this week has reportedly netted a few local victims, and generated at least 150 calls from worried bank customers. The scam involved automated messages sent to randomly generated phone numbers in Montrose and Delta counties. With slight variations, the pre-recorded message told recipients their Visa credit or debit card was in immediate danger of cancellation, and requested they verify their accounts by providing the card number and personal identification number. The scam quickly morphed from vaguely invoking the “Visa or MasterCard fraud department” to specifying financial institutions, area bankers said. However, it did not initially go on to specify “Montrose Bank,” as was reported to the Delta County Sheriff’s Office. A representative of Montrose Bank said the robo-calls began stating they were from “your bank in Montrose” or “your Montrose bank,” a general description that was misheard as the specific financial institution called Montrose Bank. Source:

14. May 20, Business Spectator – (International) Commonwealth Bank warns on phishing scams. Commonwealth Bank of Australia Ltd has warned its customers to be aware of various email phishing scams circulating globally that ask for personal and banking account details. The bank said three emails claiming to be from the Commonwealth Bank were discovered beginning on May 6, and a further three were found the week of May 18. The Group Executive, Retail Banking Service, said the bank does not contact customers via email seeking personal information and encourages them to be more vigilant with their personal and banking account details. The bank said the scams include requests to participate in surveys, update account details, activate cards, win prizes and money, qualify for fee refunds, or unlock frozen accounts. The bank said customers should contact them if they remain unsure. Source:

15. May 19, CNN – (National) Senate OKs credit card curbs. The Senate on May 19 voted 90-5 to approve a bill that will make it tougher for credit card issuers to raise fees and interest rates starting early next year. The bill now goes to the House, which is expected to take it up on May 20 and pass it before the weekend. The bill would get to the U.S. President’s desk before Memorial Day, as he called for. “To have the industry reaching and be as abusive to consumers, it needed to stop and it needed to change,” said a bill sponsor. The legislation is moderately tougher on card issuers than are new Federal Reserve rules that take effect in July 2010. The Senate’s bill would take effect in nine months and make it harder for people under age 21 to get credit cards. It would also ban rate hikes unless a consumer is more than 60 days late, and then restore the previous rate after six months if minimum payments are made. The banking industry decried the bill, saying it would exacerbate the credit crisis and force banks to drop some risky credit card holders. Source:

16. May 19, Reuters – (National) FDIC aims for TARP-free sale of bank toxic assets. The Federal Deposit Insurance Corp is looking to launch its June pilot sale of banks’ distressed loans without putting taxpayer money on the line, according to a source familiar with government plans. The FDIC will likely still provide financing to investors through debt guarantees, but is aiming to conduct the sale without a Treasury co-investment, the source said, speaking anonymously because the government discussions are private. Potential investors have expressed concern that loan purchases done in partnership with government money from the Troubled Asset Relief Program (TARP) could expose them to executive pay restrictions and other TARP conditions. The source said investors, banks, the public, and government watchdogs will get a chance to get comfortable with the program if the initial sale is done without using money from the $700-billion TARP. That comfort level would then build a foundation for when the broader program is launched, increasing its chances of success, the source said. Source:

Information Technology

35. May 20, SpamFighter News – (International) Kaspersky detects deeply penetrating computer virus Sinowal. According to security company Kaspersky, its research lab spotted a fresh version of Sinowal at the end of March 2009. Sinowal is malicious code that keeps itself hidden on an infected system by infecting the MBR (Master Boot Record), which is part of the system’s hard drive. The company stated that the new Sinowal botnet, also called Torpig, represents a sophisticated method that cyber criminals have used for the first time. According to the company, Sinowal plants itself at the lowest level of the OS (Operating System), i.e., the MBR of the computer’s hard drive, and effectively bypasses antivirus software. Before Kaspersky Lab detected the latest Sinowal variant, the company’s analysts had presented detailed reports about the rootkit’s other variants in 2008. However, the current variant has surprised the security researchers, according to the company. The company also states that during April 2009 the virus proliferated vigorously via several techniques, such as websites exploiting a security flaw in Adobe Acrobat Reader PDF software or the Neosploit rootkit. According to the researchers, detecting and treating the rootkit while the malware continues to proliferate represents an extremely difficult job for antivirus experts, who have been facing it for several years. Source:

36. May 20, ZDNet – (International) OSS attacks will grow with adoption. Speaking at a briefing on May 20, the director of security research for DVLabs at TippingPoint said computer criminals tend to work for profit and will attack widely deployed software to gain access to more terminals easily. But he noted that open source software (OSS) is a harder target to attack because of the speed at which bugs get patched. The visibility of code and the mass participatory nature of open source development help bugs get discovered faster. And since zero-day attacks are the most commonly used method, closing holes faster thwarts the spread of such malware, said the director. Zero-day malware attacks vulnerabilities that are yet to be patched by the manufacturer. A technical consultant with systems engineering at Symantec Singapore told ZDNet Asia it all comes down to how widely adopted a particular piece of software is. Source:,39044215,62054223,00.htm

37. May 19, ZDNet – (International) iServices Trojan removal tool 1.1. iWorkServices Trojan Removal Tool is a free utility created to remove the iWorkServices Trojan horse from infected Macintosh computers running Mac OS X. This tool is in response to a new spyware trojan horse (OSX.Trojan.iServices.A) in the wild that comes bundled with pirated copies of Apple’s (AAPL) iWork 09. When infected copies of the iWork 09 installer are run, they install a hidden trojan program called iWorkServices with full access rights to the target computer. Once the trojan is installed, it will attempt to connect to a remote server and provide the server with the infected computer’s network location. It then listens for further instructions from the remote server, which may include instructions to download additional components. iWorkServices Trojan removal tool will remove this malware. Source:

Communications Sector

38. May 20, Brunswick Sun – (Ohio) New fiber optic loop to help Brunswick businesses go online. Helping businesses in Cleveland’s industrial parks continue to thrive is the idea behind new plans that call for re-routing the proposed Medina County fiber optic loop from Center Road through the north business park. Medina County’s executive director of economic development told members of city council’s economic development committee that the county is now in the process of revising initial plans for the 150-mile ring to better accommodate the companies located on the city’s north end and in the city’s industrial parks. While initial maps for the $8 million project show the ring intersecting the city along Center Road, the new plans now call for the ring to run along Center Road and bisect the city’s north industrial park. From there, the loop will head to Grafton and North Carpenter Roads, where it will then cut over to Pearl Road in an effort to serve the Midpoint Campus Center, located in the Highland Square building near the intersection of Pearl and Boston Roads. Source:

39. May 19, CNET News – (National) Cisco reveals new initiative for mobile markets. Mobile workers today still face challenges in bouncing from wired to wireless to cellular workspaces. Cisco believes it may have a solution. On May 19, Cisco announced a new initiative called Collaboration in Motion, designed to help workers on the go by integrating different services for the mobile market. Collaboration in Motion will bring together a variety of products from Cisco’s network portfolio. The mix includes Cisco’s WebEx virtual meeting tool, its Unified Communications platform, the Cisco Unified Wireless Network, and Cisco Advanced Services for technical support. The company hopes the new project will bridge the gap between the wired, wireless, and cellular worlds, allowing mobile employees to work more seamlessly. With Collaboration in Motion, Cisco says its strategy is to focus on new tools and technologies in several key areas. As part of its Workspace Experience, the company will develop network applications and software for the growing number of portable mobile devices. For its Wireless Network platform, the company is developing more wireless network controllers and other products that use 802.11n technology. Though 802.11n has yet to be approved as a standard, many companies have been ramping up products to support it for the future. Source: