Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, June 2, 2009

Complete DHS Daily Report for June 2, 2009

Top Stories

 InformationWeek reports that anti-U.S. hackers penetrated servers at the Army’s McAlester Ammunition Plant in McAlester, Oklahoma on January 26 and at the U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Virginia. (See item 9)

9. May 28, InformationWeek – (National) Anti-U.S. hackers infiltrate Army servers. A known computer hacking clan with anti-American leanings has successfully broken into at least two sensitive Web servers maintained by the U.S. Army, InformationWeek has learned exclusively. Department of Defense and other investigators are currently probing the breaches, which have not been publicly disclosed. The hackers, who collectively go by the name “m0sted” and are based in Turkey, penetrated servers at the Army’s McAlester Ammunition Plant in McAlester, Oklahoma, and at the U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Virginia. The breach at the McAlester munitions plant occurred on January 26, according to records of the investigation obtained by InformationWeek. On that date, Web users attempting to access the plant’s site were redirected to a Web page that featured a protest against climate change. Beyond the redirects, it is not clear whether the group was able to obtain sensitive information from the Army’s servers. The hacks are the subject of an ongoing criminal investigation by Defense Department officials and members of the U.S. Army’s Judge Advocate General’s Office and Computer Emergency Response Team. The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools. Source:

 According to the Associated Press, authorities are questioning a man suspected of fatally shooting an abortion doctor in a church in Wichita, Kansas on Sunday. In Washington, the U.S. Marshals Service said that as a result of the doctor’s shooting, the U.S. Attorney General had ordered it to “increase security for a number of individuals and facilities.” (See item 18)

18. June 1, Associated Press – (Kansas; National) Authorities question suspect in Kansas abortion doctor’s killing, examine past activities. A man suspected of fatally shooting an abortion doctor in church was in jail Monday while investigators sought to learn more about his background, including his possible connections to anti-abortion groups. The doctor was serving as an usher during morning services Sunday when he was shot in the foyer of Reformation Lutheran Church in Wichita, Kansas, police said. The gunman fired one shot at the doctor and threatened two other people who tried to stop him. The suspect was taken into custody some 170 miles away in a Kansas City suburb about three hours after the shooting. The doctor had been a lightning rod for abortion opponents for decades. The women’s clinic he ran is one of three in the nation where abortions are performed after the 21st week of pregnancy. In Washington, the U.S. Marshals Service said that as a result of the doctor’s shooting, the U.S. Attorney General had ordered it to “increase security for a number of individuals and facilities.” It gave no details. Police said Sunday that all early indications showed the shooter acted alone. Source:,0,4267315.story?page=1


Banking and Finance Sector

10. June 1, Orlando Sentinel – (Florida) Scam alert: Investment fraud on the rise in Florida. The founder of Wealth Pools International Inc., an Orlando businessman, is accused of securities fraud in what federal regulators call a multimillion-dollar international Ponzi scheme. Investment fraud has been growing in Florida and across the nation during the recession, regulators say. Complaints about suspicious investment activity more than doubled last year in Florida to 425, according to the state Office of Financial Regulation, which has received another 112 complaints so far in 2009. In Orlando, the Wealth Pools founder recently agreed to settle SEC civil fraud allegations. He faces a repayment order that could total millions of dollars. At one point, Wealth Pools said it had raised $132 million from investors, yet investigators have located less than $3.5 million. The Wealth Pools founder denies any wrongdoing. Source:,0,3302322.story

Information Technology

26. June 1, Computerworld – (International) Spammers find new ways to flood corporate networks. Unsolicited e-mail accounted for 90.4 percent of all messages received on corporate networks during April, an increase of 5.1 percent from a month earlier, according to a report released May 26 by Symantec Corp.’s MessageLabs Intelligence unit. The monthly MessageLabs report on threat trends also found that nearly 58 percent of all spam can be traced to botnets. A researcher at Cloudmark Inc., a provider of antispam tools, noted that in addition to using botnets, spammers in recent months have been experimenting with a new way to sneak unwanted email past corporate filters. Often, he said, a spammer will rent legitimate network services, often in an Eastern European country, and then blast a large amount of spam at the network of a specific ISP. The idea is to push as many messages as possible onto the network before any kind of filtering software detects the incident. The researcher estimates that hundreds of thousands of such messages are sent each day without detection. Source:

27. June 1, MX Logic – (National) Defense companies ramp up IT security recruiting. Defense companies have been accelerating recruitment of IT security experts in order to gain lucrative Pentagon contracts as the Federal Government attempts to tighten the security of strategic networks. The New York Times, which has previously reported that the Pentagon is considering implementing a cybercommand to coordinate cyberwarfare and network defense, reported on May 31 that the Pentagon now employs thousands of “hacker soldiers.” Large military contractors including Northrop Grumman, General Dynamics, Lockheed Martin, and Raytheon have major contracts with the military and intelligence agencies, the Times reported. In light of the U.S. President’s announced plans to name a cybersecurity coordinator to oversee the nation’s defense against Web-based attacks and new efforts to combat hackers from foreign powers including Russia and China, defense companies are vying for top talent in the field. Source:

Communications Sector

28. May 31, Washington Post – (Virginia) Metro dig at Tysons stirs underground intrigue. Black wire is one of the looming perils of the massive construction that has come to Tysons, where miles and miles of secure lines are thought to serve nearby federal agencies. After decades spent cutting through red tape to begin work on a Metrorail extension and the widening of the Capital Beltway, crews are now stirring up tons of dirt where the black lines are located. The project will spend $150 million moving more than 75 miles of conduit along the three-mile stretch of routes 123 and 7 that run through Tysons. Even without the presence of sensitive government operations, moving utilities to make way for Metrorail is a tricky and enormous enterprise. The Tysons-Reston corridor is home to one of the nation’s primary Internet pipelines installed years ago by the government and private companies. Most major telecommunications carriers link to the pipeline, meaning there is a jumble of fiber optic wire under the Dulles rail route. Moving utilities quickly and cheaply is a big part of any construction work. But the $5.2 billion rail project, which will extend service from Arlington County to Dulles International Airport, is particularly complex: It includes four stations in Tysons and a three-mile stretch of elevated track along the two main Tysons thoroughfares, which are used by more than 100,000 vehicles each day. Construction crews have been digging for more than a year to shift the utility wires out of the path of the rail line, stations and support piers. In the end, they will have installed more than 140 new manholes and rerouted the lines of more than 21 private utilities, including Dominion Virginia Power, Cox Cable, Verizon, AT&T, and many more. And they have snapped, accidentally, dozens of those carriers’ lines, because even not-so-secret commercial lines sometimes do not show up on utility maps. Even after extensively researching land records and maps and digging more than 600 test holes to determine utility locations, it is hard to avoid accidents on a project of such complexity and in such a busy place. Source: