Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, July 9, 2009

Top Stories

 According to DEBKAfile, Western anti-terror agencies have warned that a group of 15-20 al Qaeda terrorists, who were trained in Pakistan and Algeria to hijack and blow up U.S.- and Israel-bound airliners, deployed secretly to at least six European and Middle East countries in early July. (See item 14)

14. July 8, DEBKAfile – (International) U.S., German intel: Al Qaeda plots multiple attacks on U.S.-, Israel-bound airliners. Western anti-terror agencies have warned that a group of 15-20 al Qaeda terrorists, who were trained in Pakistan and Algeria to hijack and blow up airliners, deployed secretly to at least six European and Middle East countries in early July. They are standing ready to carry out multiple terrorist attacks. The terrorists are believed to have landed in Britain, Germany, France, Italy, Turkey and Egypt. The dates to watch, local authorities were warned, were July 4; July 7, the fourth anniversary of the 7/7 attacks on the British transport system in which 52 people died; and July 8-9, when the G8 summit meets in the Italian town of L’Aquila. The U.S. President will fly in from talks with Russian leaders in Moscow. Al Qaeda planners, say the Western sources, know it is extremely hard to break through the massive security cordons protecting summit leaders. They are therefore planning to hijack passenger planes of airlines belonging to the targeted states and blow them up in mid-air. DEBKAfile’s counter-terror sources report that the first specific red alert, on July 4, referred to the possible hijack of Turkish Airways planes taking off from Turkish airports for U.S. destinations or Tel Aviv. According to WTOP 103.5 Washington, D.C., Turkish Airlines flies directly to New York and Chicago. Source: See also:

 The Washington Post reports that South Korea’s intelligence agency suspects that North Korea may have been behind an Internet attack that on Tuesday and Wednesday targeted government Web sites in South Korea and the United States. Web sites operated by Nasdaq, the New York Stock Exchange, and the Washington Post were also attacked. (See item 23)

23. July 8, Washington Post – (International) North Korean agency suspected in cyber-attack. South Korea’s intelligence agency suspects that North Korea may have been behind an Internet attack that on Tuesday and Wednesday targeted government Web sites in South Korea and the United States, lawmakers in Seoul told news agencies. Twenty-six Web sites in the two countries, including the office of South Korea’s president and the defense ministry, were targeted, the South Korean National Intelligence Service said in a statement. In the United States, the attack targeted Web sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers. “The attacks appear to have been elaborately prepared and executed at the level of a group or a state,” the agency said. Eleven Web sites in the United States had problems similar to those that occurred in South Korea, the Korean Information Security Agency said. Some members of the intelligence committee in the National Assembly were told by intelligence officials that North Korea or its sympathizers were prime suspects in the attacks, according to Yonhap, the South Korean news agency, which cited unnamed legislators. The attacks were described as “distributed denial of service,” an operation that hacks into personal computers and commands them to overwhelm certain Web sites with a blizzard of data. U.S. government officials declined Tuesday night to confirm the agencies affected by the attack. A Department of Homeland Security spokeswoman said that the agency was aware of ongoing attacks and that the government’s Computer Emergency Response Team had issued guidance to public and private sector Web sites to stem the attacks. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, the New York Stock Exchange, and the Washington Post. Source:


Banking and Finance Sector

10. July 8, New York Times – (International) Swiss vow to block UBS from handing data to U.S. The Swiss government said on July 8 that it was prepared to seize UBS client data rather than allow the bank to hand it over to the United States to settle a tax case, the New York Times reported. UBS has refused a demand from U.S. authorities that it turn over the names of 52,000 American clients, arguing that to do so would be illegal under Swiss banking secrecy laws and would open it to prosecution at home. The U.S. Justice Department in February sued UBS, saying it suspected the bank of helping wealthy Americans hide billions of dollars in secret offshore accounts. “Switzerland makes it perfectly clear that Swiss law prohibits UBS from complying with a possible order by the court in Miami to hand over the client information,” the Swiss Department of Justice and Police said on July 8 in a statement on its Web site, a day after it made a filing to the same effect in the U.S. District Court in Miami. Therefore, “all the necessary measures should be taken to prevent UBS from handing over the information on the 52,000 account holders demanded in the U.S. civil proceeding,” it added. The Swiss government will issue an order explicitly prohibiting UBS from handing over client information “if circumstances require,” it said. UBS, the largest Swiss bank, is under great pressure to reach an agreement. The bank has already paid $780 million and turned over the names of more than 250 clients to avoid prosecution on allegations that it defrauded the Internal Revenue Service. Its soured investments, many on American subprime mortgages, have cost it $53 billion in write-downs, sending it to taxpayers for a bailout. UBS officials were not immediately available for comment. Source:

11. July 8, Associated Press – (Georgia) Suspicious package found at Bank of America branch. A suspicious package found at a Bank of America branch in Atlanta was found to contain ammonium chloride. Authorities cleared the bank on Ponce de Leon when the package was found about 11:45 a.m. on July 7. Firefighters wearing hazardous material suits removed the package after bomb squad personnel determined it was not an explosive device. Ammonium chloride is salt-like in its purest form, is sold in blocks at hardware stores and has varied industrial and manufacturing uses. It can induce nausea or vomiting. Authorities said the U.S. Department of Homeland Security is working with bank officials on the investigation. Source:

12. July 7, Reuters – (National) U.S. SEC charges Provident Royalties in $485 mln fraud. Provident Royalties LLC and three founders were charged with securities fraud for allegedly bilking thousands of oil and natural gas investors in a $485 million Ponzi scheme, the Securities and Exchange Commission said on July 7. In a civil case, the SEC alleges that from about September 2006 until January 2009, Texas-based Provident Royalties raised nearly half a billion dollars from at least 7,700 U.S. investors by promising annual returns of over 18 percent and misrepresenting how the funds would be used. A portion of the proceeds were used for acquisition and development of oil and gas exploration and development activities, but other investor funds were used to pay earlier Provident Royalties investors, the SEC said. “Investors were told that 86 percent of their funds would be placed in oil and gas investments. That representation was false,” the SEC’s complaint said. The SEC said a federal court issued an emergency freeze on assets and appointed a receiver to preserve the assets. Source:

13. July 7, Wall Street Journal – (California) Big banks don’t want California’s IOUs. A group of the biggest U.S. banks said they would stop accepting California’s IOUs on July 3, adding pressure on the state to close its $26.3 billion annual budget gap. The development is the latest twist in California’s struggle to deal with the effects of the recession. After state leaders failed to agree on budget solutions last week, California began issuing IOUs, or “individual registered warrants,” to hundreds of thousands of creditors. The state controller said that without IOUs, California would run out of cash by July’s end. But now, if California continues to issue the IOUs, creditors will be forced to hold on to them until they mature on October 2, or find other banks to honor them. When the IOUs mature, holders will be paid back directly by the state at an annual 3.75 percent interest rate. Some banks might also work with creditors to come up with an interim solution, such as extending them a line of credit, said a California Bankers Association spokeswoman. Amid the budget deadlock, Fitch Ratings on July 6 dropped California’s bond rating to BBB, down from A minus, the latest in a series of ratings downgrades for the state. The group of banks included Bank of America Corp., Citigroup Inc., Wells Fargo & Co. and J.P. Morgan Chase & Co., among others. The banks had previously committed to accepting state IOUs as payment. California plans to issue more than $3 billion of IOUs in July. Source:

For another story, see item 23, above in Top Stories

Information Technology

27. July 8, Spamfighter News – (International) Trend Micro discovers new ransomware ‘WORM_RANSOM.FD.’ Trend Micro security researchers say they have detected new ransomware that spreads through e-mail over the Internet. Trend Micro has named the malware WORM_RANSOM.FD. It appears to be a mass-mailing computer worm, but a detailed analysis has revealed that it contains a deadly payload. WORM_RANSOM.FD is downloaded from remote websites when visitors access those sites, or it may be downloaded secretly by other malware on the targeted system. While the payload does not affect some files with extensions such as .dry, .rwg, .vxd, .dll, .inl and .exe, the malware is capable of encrypting all files stored on the targeted computer using the Blowfish algorithm, making the files useless. Moreover, the worm creates one or more registry entries that allow it to execute automatically whenever the system starts up. Interestingly, WORM_RANSOM.FD does not behave like typical ransomware, which demands money for restoring encrypted files. Instead, it gives the user three options to choose from to restore the affected files. Source:

28. July 7, IDG News Service – (International) Software developer pleads guilty to spam charge. A Virginia software developer has pleaded guilty to charges related to creating and marketing software designed to send bulk commercial e-mail messages, in violation of the U.S. CAN-SPAM Act, the U.S. Department of Justice said. The guilty party, 49, of Centreville, Virginia, pleaded guilty on July 7 to aiding and abetting violations of the CAN-SPAM Act committed by two spam kingpins, both of West Bloomfield, Michigan, and other spammers, the DOJ said. Under the terms of his plea agreement, the guilty party faces up to six years in prison, a fine of $3,000 and the forfeiture of $50,100 in proceeds for the sale of his software. He pleaded guilty in U.S. District Court for the Eastern District of Michigan. From January 2004 to September 2005, the guilty party and his company, Lightspeed Marketing, developed and sold customized software products that allowed users to send large volumes of spam e-mail at high speeds and disguise the true origin of the e-mails from recipients in order to evade antispam filters, blacklisting and other spam-blocking techniques, the DOJ said. The guilty party, in his plea agreement, acknowledged that he designed the Nexus software package to enable users to insert false information into the headers of the spam e-mails it sent, the DOJ said. The accused designed Proxy Scanner to enable users to make use of third-party proxy computers to relay or retransmit spam e-mails and disguise their true origin. Source:

For another story, see item 23, above in Top Stories

Communications Sector

29. July 7, Ventura County Star – (California) Construction mishap wipes out phone, Internet, ATM service. A damaged fiber-optic cable caused a massive telecommunications failure on July 6 in Ventura County, slowing commerce and shutting down 911 emergency systems. The problem lingered through most of the day in Oxnard, Camarillo, Newbury Park, Santa Paula, Port Hueneme and Malibu, said a spokesman for Verizon Communications. Police departments in Oxnard and Santa Paula as well as the Ventura County Fire Department could not receive emergency 911 calls for most of the day. The outage, reported about 10 a.m., slowed or shut down phone lines, cell phone towers, Internet service and credit card and ATM machines, the spokesman said. By 5:30 p.m., just a few areas in Oxnard were still without service. Oxnard police reported that 911 service was restored in the city about 9 p.m. The outage was caused by construction damage to a “general service” fiber-optic cable in Camarillo, which also affected TV and radio stations. Video service for customers who have Verizon’s FiOS service was also affected. Verizon located the broken cable on July 6 at a county road-widening project in Camarillo at Lewis and Dawson roads. Construction workers damaged about 1,000 feet of the several-inches-thick cable, the spokesman said. Source:

30. July 7, IDG News Service – (National) Cisco to put routers in space. At its user conference in San Francisco last week, Cisco Systems boasted about the 30 new businesses it is developing. One is scheduled to launch by the end of this year. The company that pioneered the Internet router is about to enter a new frontier, sending one into geostationary orbit on a satellite. It is the first big step in a U.S. Defense Department-led initiative, called Internet Routers In Space (IRIS), that could eventually make it easier and less expensive to get high-speed Internet access where wires and cables do not reach. Satellites carry Internet data and connect to the Internet through base stations on the ground, but they are really a separate network, said the general manager of IRIS at Cisco. An Earth station beams a signal up to the satellite at a certain frequency, and the craft bounces it back down to another, predefined Earth station. Users, such as service providers and government agencies, have to lease that frequency and sit on it whether they are using it or not. Satellite links represent discrete point-to-point connections in an Internet that is designed to route packets around the world on any peering network and any kind of physical link. That is because there are no routers in space, according to the general manager. If communications satellites had routers, they could take in IP (Internet Protocol) packets and send them to a variety of places, via different Earth stations or other satellites, forging new links whenever needed. Rather than having to pick a particular link and lease it, users could just pay for an Internet service that uses satellites as part of its physical backbone. Source: