Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, June 30, 2009

Complete DHS Daily Report for June 30, 2009

Daily Report

Top Stories

E.W. Scripps Co. reports that a US Airways flight with at least 130 people on board made a hard landing as it touched down at Tampa International Airport in Florida on Saturday. The plane’s front tires blew on touchdown, and the hard impact caused the front landing gear to collapse. (See item 13)

13. June 28, E.W. Scripps Co. – (Florida) US Airways plane makes hard landing at Tampa International Airport. A US Airways flight gave its passengers quite a scare after making a hard landing as it touched down at Tampa International Airport June 27. The Boeing 737 sat on Tampa International Airport’s Bayside runway, near the airport entrance road, for most of the afternoon, after the plane’s front tires blew on touchdown. The hard impact caused the front landing gear to collapse. The aircraft’s nose sat inches from the tarmac as passengers were deplaned at the rear of the aircraft. “We heard a boom and we saw sparks shooting by the window and the whole plane just went, boom,” said a passenger. A US Airways spokesperson says the flight was almost full with 138 people on board, plus five crew members and passengers that were headed from Philadelphia to Tampa. None were hurt. Source:

The U.S. Food Safety and Inspection Service announced on Sunday that JBS Swift Beef Company, a Greeley, Colorado establishment, is voluntarily expanding its June 24 recall to include approximately 380,000 pounds of assorted beef primal products that may be contaminated with E. coli. The beef products were distributed both nationally and internationally. (See item 19)

19. June 28, U.S. Food Safety and Inspection Service – (National) Colorado firm expands recall of beef products due to possible E. coli O157:H7 contamination: class I recall. JBS Swift Beef Company, a Greeley, Colorado establishment, is voluntarily expanding its June 24 recall to include approximately 380,000 pounds of assorted beef primal products that may be contaminated with E. coli O157:H7, the U.S. Department of Agriculture’s Food Safety and Inspection Service (FSIS) announced on June 28. Together with trace-back information and laboratory data, the recall is being expanded as a result of FSIS’ cooperation with the Centers for Disease Control and Prevention (CDC) in an ongoing investigation into 24 illnesses in multiple states, of which at least 18 appear to be associated. This investigation prompted the company to re-examine the effectiveness of their food safety system for the April 21 production of beef primals, and they are conducting this recall out of an abundance of caution as the safety of the products produced on a portion of that day could not be assured. The beef products were produced on April 21, 2009 and were distributed both nationally and internationally. The recalled products include intact cuts of beef, such as primals, sub-primals, or boxed beef typically used for steaks and roasts rather than ground beef. FSIS is aware that some of these products may have been further processed into ground products by other companies. The highest risk products for consumers are raw ground product, trim or other non-intact product made from the products subject to the recall. Source:


Banking and Finance Sector

11. June 28, Wall Street Journal – (California; Georgia; Minnesota) Regulators close five more banks. Federal and state regulators on June 26 closed five banks in California, Georgia and Minnesota, bringing the number of failures nationwide this year to 45. The California Department of Financial Institutions shut down two banks in the state, Los Angeles-based Mirae Bank and MetroPacific Bank of Irvine. On June 26, the Georgia Department of Banking and Finance shut down the Community Bank of West Georgia, based in Villa Rica, and the Neighborhood Community Bank of Newnan. Meanwhile, Minnesota suffered its first bank failure of the year, when Horizon Bank of Pine City was closed by the Minnesota Department of Commerce. The Federal Deposit Insurance Corp., which was named receiver of all five banks, estimated the failures would cost the agency’s deposit insurance fund about $264.2 million. All of Mirae Bank’s deposits were purchased by Wilshire State Bank, also of Los Angeles. In addition, Wilshire will buy about $449 million of the bank’s assets, with the FDIC planning to dispose of the rest later. Mirae had total assets of $456 million and deposits of $362 million on May 29. MetroPacific Bank’s deposits, except about $6 million from brokers, were bought by Sunwest Bank of Tustin, California. As of June 8, MetroPacific had $80 million in assets and $73 million in deposits. Horizon Bank’s deposits were bought by Stearns Bank of St. Cloud, Minnesota, which paid a premium of 0.75 percent. Stearns also agreed to purchase about $84.4 million of assets. Horizon Bank had total assets of $87.6 million and deposits of $69.4 million at the end of March. CharterBank, based in West Point, Georgia, will assume all the deposits of Neighborhood Community Bank, agreeing to purchase about $209.6 million of assets. Neighborhood had total assets of $221.6 million and total deposits of $191.3 million as of March 31, and the FDIC will retain the remaining assets for disposition at a later date. Source:

12. June 27, Associated Press – (National) Madoff ordered to forfeit over $170 billion. A disgraced financier has been ordered to forfeit over $170 billion, prosecutors said on June 26. A U.S. District Judge entered a preliminary order of forfeiture on June 26, according to an Acting U.S. Attorney. The order forces the financier to give up his interests in all property, including real estate, investments, cars and boats. According to earlier court documents, prosecutors reserved the right to pursue more than $170 billion in criminal forfeiture. That represents the total amount of money that could be connected to the fraud, not the amount stolen or lost. The government also settled claims against the financier’s wife, according to the June 26 order. Under the arrangement, the government obtained her interest in all property, including more than $80 million of property that she had claimed was hers, prosecutors said. The order makes it clear, though, that nothing precludes other departments or entities from seeking to recover additional funds. The agreements strip the couple of all their interest in properties belonging to them, including homes in Manhattan, Montauk, and Palm Beach, Florida, worth a total of nearly $22 million. Source:

Information Technology

31. June 26, PC World – (International) Security experts visualize botnets with an eye toward defense. Not all botnets are organized in the same way. That is the conclusion of a report from Damballa which seeks to categorize the dominant structures. It attempts to explain why certain types of blocking and filtering will work against some botnets, and not for others. “The ‘hybrid’ threat banner is often cast about,” says the vice president of Research at Damballa, an enterprise security company specializing in botnet mitigation, “But that label means nothing to teams tasked with defending the enterprise. By explaining the topologies (and their strengths and weaknesses) these teams can better visualize the threat.” The Star structure is the most basic and offers individual bots a direct communication with the Command and Control (CnC) server. It can be visualized in a star-like pattern. However, by providing direct communications with one CnC server the botnet creates a single point of failure. Take out the CnC server and the botnet expires. The vice president says the Zeus DIY botnet kit, out of the box, is a star pattern, but that botmasters often upgrade, making it multiserver. “In most cases, particular botnets can be classed as a member of just one CnC topology — but it is often down to the botnet master which one they choose.” Multi-Server is the logical extension of the Star structure using multiple CnC servers to feed instructions to the individual bots. This design, says the vice president, offers resiliency should any one CnC server go down. It also requires sophisticated planning in order to execute. Srizbi is a classic example of a multi-server CnC topology botnet. Source:

32. June 26, Baltimore Examiner – (International) Jackson, Fawcett spur Internet fraud. While most of the country mourns the deaths of two celebrities, fraudsters seek opportunity by tricking heartbroken followers. The United States Computer Emergency Readiness Team (US-CERT) issued an alert on June 26 warning of increased spam campaigns, phishing attacks and malicious code attacks surrounding the stars’ deaths. Some scams may result in identity theft. Fraudsters have taken advantage of other situations to swindle personal information and money following national and worldwide disasters such as Hurricane Katrina and the Asian Tsunami. In addition to phishing and malicious code attacks, there were many charity scams. Charity and fan paraphernalia scams are expected to be associated with the celebrities’ names. Some of these scams will claim to collect donations from unsuspecting consumers for charitable causes supported by the late stars. Some scams may collect credit card and bank account information as payment for charitable donations or for the purchase of celebrity memorabilia. There will be no donations or souvenirs; the financial account information handed over will be used by the fraudsters to commit existing account fraud, a form of identity theft. Source:

For another story, see item 33 below.

Communications Sector

33. June 26, IDG News Service – (International) China remains spam haven due to ‘bulletproof’ hosting. An overwhelming majority of Web sites promoted through spam are hosted in China at service providers that many times choose to ignore complaints and allow illegal activity, according to research from the University of Alabama. The director of research in computer forensics in the university’s computer and information sciences department wrote on his blog that it is well past the time to declare a spam crisis in China. The university reviewed millions of spam messages seen throughout this year from its Spam Data Mine, which analyzes junk mail for threats. In those messages were links to hundreds of thousands of Web sites. A total of 69,117 unique domains hosted those Web sites. Seventy percent, or 48,552, hosted Web sites that ended in “.cn,” the country-code top level domain for China. Again, about 70 percent of Web sites were located on computers within China. “It is very normal that more than one-third of the domain names we see each day in spam messages come from China,” the director wrote. “When one also considers the many ‘.com’ and ‘.ru’ domain names which are also hosted in China, the problem is much worse.” Typically when suspicious Web sites are detected, security companies will send a complaint to a hosting company, which may also act as a registrar, or seller of domain names. The site is typically taken offline. However, some companies in China and elsewhere offer so-called “bulletproof” hosting, where Web sites are allowed to stay online or spam operations can continue unabated. Source:

34. June 26, Honolulu Advertiser – (Hawaii) Sandwich Isles Communications unveils new undersea cable. Sandwich Isles Communications (SIC), a local telecommunications company that services Hawaiian Homestead communities statewide, has completed installation of its new, state-of-the-art, undersea fiber optic cable connecting the five major Hawaiian islands (Kaua’i, O’ahu, Maui, Moloka’i and the Big Island). “We are pleased to be fulfilling our commitment to provide state-of-the-art telecommunications services to our customers in Hawaiian Homestead communities,” said the SIC Chief Executive Officer. “We believe our new undersea network will change the face of telecommunications in Hawaii, allowing for much needed economic growth and high technology jobs in our state, particularly on the neighbor islands.” With 48 strands of pure glass fiber, SIC’s marine network is the largest in the state, with the bandwidth to carry 2.9 Terabits of data per second. Source: