Department of Homeland Security Daily Open Source Infrastructure Report

Friday, July 10, 2009

Complete DHS Daily Report for July 10, 2009

Daily Report

Top Stories

 According to the Associated Press, two teens face felony criminal mischief charges after they opened fire hydrants in Blanco and Johnson City, Texas, which led to a loss of nearly 600,000 gallons of water during drought conditions. The mayor of Blanco says the prank will cost her city more than $3 million in water costs. (See item 22)

22. July 9, Associated Press – (Texas) 2 accused of open hydrants in Blanco, Johnson City. Opened fire hydrants in Blanco and Johnson City, Texas led to a loss of nearly 600,000 gallons of water during drought conditions. The mayor of Blanco called the release “disgusting” in a period of extreme drought. Two teens, including a now-former volunteer firefighter, face felony criminal mischief charges over the vandalism on July 4. Johnson City had about 150,000 gallons of water go down the drain. Blanco lost 420,000 gallons. The mayor of Blanco says the prank will cost her city more than $3 million in water costs, plus overtime to law officers and emergency personnel who helped clean up the mess. Source:

 The Associated Press reports that about 800 employees and 1,600 visitors to the J. Paul Getty Museum and other parts of the hilltop complex in Los Angeles were evacuated as a fire burned Wednesday in thick brush on the steep slopes of the Santa Monica Mountains. Nearby to the north, Mount St. Mary’s College was evacuated as a precaution. (See item 38)

38. July 9, Associated Press – (California) Getty Center, college evacuates due to LA fire. Visitors to the Getty Center art complex in Los Angeles, which houses works by Claude Monet and Vincent Van Gogh, were evacuated as a fire burned in thick brush on the steep slopes of the Santa Monica Mountains. The fire was 90 percent contained late Wednesday after erupting early in the afternoon and quickly growing to 80 acres above parking facilities for the Getty. The fire eventually moved eastward, away from the museum, officials said. The museum’s ventilation systems were shut down to prevent smoke from damaging the artwork, a Getty Center spokesman said. About 350 firefighters worked on rugged slopes and seven helicopters pounded flames with water from nearby Stone Canyon Reservoir. By the time the helicopters were grounded for darkness the blaze was mostly under control, and hand crews were looking for lingering hot spots. About 800 employees and 1,600 visitors to the J. Paul Getty Museum and other parts of the hilltop complex were shuttled to the center’s south building as a precaution. A tram took people down the hill to parking lots so they could drive out the south gate, and the center was closed for the rest of the day. Nearby to the north, Mount St. Mary’s College was evacuated as a precaution even though the fire was a mile away and a canyon lay between it and the school. College was not in session, but 100 staff members evacuated along with about 200 other people attending a conference. The school used campus shuttles to take them out until the all-clear was given. Source:


Banking and Finance Sector

11. July 9, Dow Jones Newswires – (International) Argentina’s banks to shut Friday as swine flu measure. Argentina’s private-sector banks on July 8 said they will join a special public-sector holiday scheduled for July 10 as part of a nationwide effort to contain the spread of the A/H1N1 swine flu. “The banks which are part of the Argentine Association of Banks…adhere to the administrative holiday for July 10,” the association said in a statement. The July 10 special holiday rolls on from the July 9 Independence Day holiday, and authorities believe people will use the long weekend as an excuse to stay home, and therefore help slow the spread of the virus as winter takes hold. The Central Bank said it will also be closed on July 10. The Argentine health ministry on July 5 reported that the official death toll in Argentina from swine flu has reached 60, and there are a total of 2,485 officially confirmed cases. However, many believe the official numbers lag the actual rate of infection, and that the real numbers are much higher. Source:

12. July 9, New York Times – (International) Six from Sky Capital charged in $140 million fraud. Six employees of a Wall Street retail broker, Sky Capital, ran a $140 million “trans-Atlantic boiler room” to defraud investors in the United States and Britain, authorities charged on July 8. Federal prosecutors announced a criminal indictment on securities, wire and mail fraud charges against Sky Capital’s founder and chief executive, and five others, Reuters said. The Securities and Exchange Commission also filed civil charges. All six surrendered to FBI agents on July 8 and later appeared in federal court in Manhattan. They entered pleas of not guilty before being released on bond. The SEC complaint said brokers raised $61 million from 2002 to 2006 from investors, but then enforced a policy that prevented investors from selling their stocks in Sky Capital Holdings and Sky Capital Enterprises. They were publicly traded on the Alternative Investment Market of the London Stock Exchange until 2006. Customers were not told that they would be unable to sell their shares, the SEC said. Source:

13. July 7, Federal Bureau of Investigation – (National) FBI issues 2008 mortgage fraud report. According to the Federal Bureau of Investigation’s 2008 Mortgage Fraud Report, released on July 7, mortgage fraud Suspicious Activity Reports (SARs) referred to law enforcement increased 36 percent to 63,713 during fiscal year (FY) 2008, compared to 46,717 reports in FY 2007. While the total dollar loss attributed to mortgage fraud is unknown, financial institutions reported losses of at least $1.4 billion, an increase of 83.4 percent from FY 2007. “Mortgage fraud hurts borrowers, financial institutions, and legitimate homeowners,” said the Assistant Director, FBI Criminal Investigative Division. “The FBI, in conjunction with our law enforcement, regulatory, and industry partners, continues to diligently pursue perpetrators of mortgage fraud schemes.”


Information Technology

33. July 9, Associated Press – (International) Official says 7 SKorean Web sites attacked again. South Korean Web sites were attacked again on July 9 after a wave of Web site outages in the United States and South Korea that several officials suspect North Korea was behind. Seven sites, one belonging to the government and the others to private entities, were attacked in the third round of cyber assaults, said an official from the state-run Korea Communications Commission. Earlier in the day, the country’s leading computer security company, AhnLab, had warned of a new attack after analyzing a virus program that sent a flood of Internet traffic to paralyze Web sites in both South Korea and the United States. About two hours after the latest assault, all but one shopping site were working normally. The Yonhap news agency had earlier reported that the Web site of the leading Kookmin Bank was down for about 30 minutes. The South’s intelligence agency said in a statement Thursday that it was strengthening cyber security measures for government computer networks, citing a possible new wave of attacks that could target national infrastructure operators like energy, telecommunications, and media companies. So far, there were no immediate reports of financial damage or leaking of confidential national information, according to the Korea Information Security Agency. The attacks appeared aimed only at paralyzing Web sites. According to Reuters, cybersecurity analysts raised doubts on July 8 that the North Korean state launched the attacks on U.S. government and South Korean Web sites, saying industrial spies or pranksters could be the villains. More than two dozen Web sites in the United States and South Korea, including that of the U.S. State Department, were attacked in recent days. South Korea’s spy agency has said North Korea may be behind the attacks, while the U.S. government has said it is too soon to make such claims, and Internet security experts agree. Source: See also:

34. July 9, – (International) McAfee warns of new Mac malware attack. Researchers at McAfee Avert Labs have warned that a new malware attack for Mac OS X systems has been spotted in the wild. Known informally as ‘Puper’, the Trojan disguises itself as a video program for OS X systems called ‘MacCinema’. The attack appears as a disk image which launches an installer application for the fictional MacCinema software. Once the installer completes its task, the user becomes infected with a script file named ‘AdobeFlash’. The malicious script then launches itself every five hours, and attempts to download and launch other malware on the infected system. This latest attack is similar to others which have targeted OS X users in recent months, often enticing the user to download and install the malware by posing as a video player or ‘codec’ plug-in required to view movie files. Source:

35. July 8, ZDNet – (International) Apple plugs dangerous Safari security holes. Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks. The vulnerabilities affect Safari for Windows (XP and Vista) and Mac OS X. The patch solves an issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects. The patch also takes care of a memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Source:

Communications Sector

36. July 8, Fayetteville Morning News – (Arkansas) Fiber optic line cut downs Internet for Cox customers. A utility company that severed a fiber optic line caused some Cox Communications customers to be without Internet service on July 7. The outage affected the Springdale office of the Morning News and, by extension, the Rogers office of the Morning News. The Cox Communications director of public affairs said the fiber optic line was cut in the area of Greathouse Springs Road and New Hope Road. She declined to name the utility company that cut the line. The Cox outage affected customers in Tontitown, Elm Springs and western Springdale. Cox crews responded within 10 minutes of the line being cut and were working as fast as they could, the director said. She expected customers to have Internet and other Cox services restored by the evening of July 7. Source:

37. July 8, Cumberland Times-News – (West Virginia) Keyser Comcast building fire arson. The July 4 fire that destroyed the North Main Street building housing Comcast communications equipment in Keyser has been ruled as arson. The fire caused a loss of $200,000 to the structure and $100,000 to Comcast equipment. Video and Internet service to Comcast customers in the Keyser area was temporarily disrupted until Comcast established a new communications hub. The deputy fire marshall and another official of the fire marshal’s office investigated at the scene along with the Maryland State Fire Marshal’s Office, which provided an accelerant-detection dog. A private insurance company’s cause-and-origin investigators also assisted along with Keyser Police Department and the Keyser Volunteer Fire Company. The building at 55 N. Main St. served as a residence before it was purchased by Telemedia, which leased it to Comcast. Only one room of the two-story wood frame building was occupied. Source: