Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, July 14, 2009

Complete DHS Daily Report for July 14, 2009

Daily Report

Top Stories

 According to the Cape Cod Times, public safety officials warned residents in the Knob Hill Road area of Yarmouth, Massachusetts to stay in their homes on July 10 after a three-alarm fire at a 5,000-square-foot storage building containing fertilizer on Old Colony Cranberry Bog. Smoke inhalation from the fire sent 28 firefighters to the hospital. (See item 26)

26. July 11, Cape Cod Times – (Massachusetts) Chemical fire confines residents. Public safety officials warned residents in the Knob Hill Road area of Yarmouth, Massachusetts, to stay in their homes the afternoon of July 10 as the state’s hazardous materials response unit investigated a three-alarm fire at a storage building containing fertilizer. The fire, which engulfed a 5,000-square-foot metal-framed building on Old Colony Cranberry Bog at about 11:15 a.m., sent plumes of potentially toxic smoke billowing into the air, officials said. Firefighters from across the Cape responded to the call for assistance to battle the blaze. Smoke inhalation from the fire sent 28 firefighters and three civilians to Cape Cod Hospital for evaluation. They were evaluated for inhaling dangerous toxins, but all of them checked out fine, the Yarmouth fire captain said. Firefighters on the scene said the fire may have been sparked by an electrical problem, noting that the owner had been sanding the floors inside and that some kind of electric spark may have ignited cleaning rags, although no official cause had been determined as of the Times’ press deadline. The first Yarmouth fire department unit on the scene reported that half the building was engulfed in flames when they arrived, the fire captain said. When fire crews discovered fertilizer was inside the building, a “tier three” hazardous materials response was called — the highest level of response for such incidents. Exploding propane tanks inside the building sent people running. Though the fire was doused at 12:15 p.m., about an hour later, the situation grew tense again when units near the building were told to back away immediately because of the potential danger of the chemical-filled smoke still smoldering inside. The state hazardous materials response team arrived, as did the Red Cross, which provided cold drinking water for the firefighters. The bog’s owner said that the barn was probably a $100,000 loss; not including the cost of whatever equipment was destroyed or damaged. The state Department of Environmental Protection is investigating any potential environmental damage linked to run off from the firefighting effort, the fire captain said. Source:

 KSL 5 Salt Lake City reports that a wall of mud and water crashed down on homes in Logan, Utah on July 11 after a canal ruptured above a neighborhood known as “The Island” in a wooded drop-off area south of Utah State University. (See item 47)

47. July 13, KSL 5 Salt Lake City – (Utah) Search for Logan mudslide victims resumes. Crews in Logan, Utah, will resume their recovery effort on July 13 for a mother and her two children whose home was leveled by a powerful landslide. A wall of mud and water crashed down on homes in Logan on the afternoon of July 11. A canal ruptured above a neighborhood known as “The Island” in a wooded drop-off area south of Utah State University. The family’s home collapsed under the pressure of the powerful landslide. Search crews have been looking through 10 to 12 feet of material, concentrating on removing the debris. Searching had to stop because the operation became too dangerous after dark. The search will continue Monday starting at 8 a.m. It is expected to be a slow process because the ground is unstable. More than a dozen houses have mud and water damage or structural concerns. Several families are living in a Red Cross shelter. It is too soon to say when those families could potentially return to their homes, and some homes may have to be condemned. For several days leading up to the disaster, residents reported water coming off the hill and down the street. But city officials say they never suspected a canal problem. The Logan Public Works director said, “There are springs all along that entire road on that slope and we have some water issues every year.” Angry residents say this time the water was muddy. They say that should have been a warning. There are no state inspections of canals. Legally, it is left up to the companies that own the canals. Source: See also:


Banking and Finance Sector

15. July 11, Associated Press – (Wyoming) Regulators shut small Wyoming bank. Regulators on July 10 shut Bank of Wyoming, marking the 53rd failure this year of a federally insured bank. The Federal Deposit Insurance Corp. was appointed receiver of the failed bank, based in Thermopolis. It had $70 million in assets and $67 million in deposits as of June 30. The FDIC says Central Bank & Trust of Lander, Wyoming, will assume all deposits and purchase about $55 million in assets. The FDIC will retain the remaining assets to sell later. Bank of Wyoming’s only location will become a branch of Central Bank & Trust. Bank of Wyoming accounts will automatically become depositors of Central Bank. Source:

Information Technology

40. July 13, Computerworld – (International) Researcher says IE bug could spread quickly. A critical ActiveX vulnerability used by hackers to exploit Microsoft Corp.’s Internet Explorer browser is a prime candidate for another Conficker-scale attack, security experts said. On July 6, just hours after security companies reported that thousands of compromised sites were serving up exploits, Microsoft acknowledged the flaw in the ActiveX control that can be accessed using IE. The bug has been used by hackers since at least June 9. Microsoft said it will issue a patch for the flaw on July 14. The vulnerability “exposes the whole world and can be exploited through the firewall,” said the chief research officer at security software vendor AVG Technologies USA Inc. “That’s better than Conficker, which mostly did its damage once it got inside a network.” Conficker exploited a Windows flaw that Microsoft had thought dire enough to fix outside its usual update schedule in October 2008. The worm exploded into prominence in January, when a variant infected millions of machines that remained unpatched. Microsoft confirmed the latest flaw shortly after security researchers at Danish firms CSIS Security Group AS and Secunia said that thousands of hacks of legitimate Web sites over the July 4 weekend had exploited the bug. The hackers took advantage of the bug to reroute users to a malicious site, which in turn downloads and launches a multiexploit hacker tool kit. Source:

41. July 11, – (International) Apple still mute to iPhone complaints. The iPhone 3GS has been an undeniable marketplace hit since its release on June 19, and will likely continue to soar in sales despite three customer complaints that have surfaced recently. The big three gripes: the iPhone 3GS battery life is dismal, the 3GS overheats, and there is a serious SMS vulnerability. The most serious of the iPhone’s problems concerns a new SMS vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the iPhone. A security expert, who hacked a Mac via Safari in 10 seconds at this year’s PWN2Own contest, said in a presentation that the weakness is in the way iPhones handle text messages. The seriousness of this problem has spurred Apple’s intent; Apple is reportedly working on a patch that should be available later this month. “I believe that the SMS vulnerability may be the most pressing, since stories of hijacked, zombie, misbehaving iPhones are more likely to leave a long-lasting negative impression than are the heat and battery life issues,” said a Forrester analyst. Source:

Communications Sector

42. July 11, Ventura County Star – (California) Outage reminds businesses to plan. Extended outages that include both telephone and Internet are rare, but as businesses learned on July 6, it is important to have a plan for when it occurs. Businesses from Malibu to Santa Paula lost phone and data service after an important Verizon fiberoptic line was severed on July 6 in Camarillo. Some businesses were not affected, but the worst hit could not handle customer calls or transactions. The outage had a widespread effect because Verizon is the local exchange carrier, which means various providers send their data over the company’s fiberoptic line. Source:

43. July 10, NetworkWorld – (Texas) Rackspace aims to repair credibility in wake of power failures. It has been a difficult two weeks for Rackspace and its users, with two power outages in a co-location facility interrupting service for an estimated 2,000 customers. Rackspace has been open about its failures, communicating with customers directly and through the company’s official blog and Twitter account. Open communication and a commitment to fixing technical problems will both be crucial for Rackspace as it attempts to repair damaged credibility, says the CEO. “Any time we have an incident like this, it does impact our credibility,” the CEO said in an interview on July 10 with Network World. “The only way we earn it back is we have to execute at a high level for a long time.” Power outages on June 29 and July 7 hit Rackspace’s 144,000-square-foot data center in the Dallas suburb of Grapevine. Rackspace operates nine data centers worldwide for about 60,000 customers. Within the Dallas facility, some customers experienced downtime of about 40 minutes on June 29 and on July 7 some customers suffered downtime of 15 to 20 minutes. The facility has three “phases,” or physical areas, and both outages hit the same phase, affecting a total of about 2,000 customers, according to Rackspace. Source:

44. July 10, Government Computer News – (National) Legislation would create inventories to help manage radio frequency spectrum. Bills in both houses of Congress would require detailed inventories of federally managed radio frequency (RF) spectrum and create Web portals to make that information available to the public. H.R. 3125 was introduced July 8 by the chairman of the House Energy and Commerce Committee, and immediately referred to that committee. A similar bill, S. 649, was introduced in the Senate in March and was voted out of the Commerce, Science and Transportation Committee July 8. Both measures are titled the Radio Spectrum Inventory Act and, with minor differences, would require that the Commerce Department’s National Telecommunications and Information Administration (NTIA) and the Federal Communications Commission (FCC) to create inventories of radio spectrum under their management in 180 days after the measures became law. The inventories would list the authorized services for, and the users of, each band of frequency in the geographical areas in which they are licensed to operate, and include maps showing the usage of spectrum in each area. The NTIA and the FCC also would submit annual reports to Congress updating the status of the inventory, identifying the least used blocks of spectrum and recommending whether spectrum should be reallocated. The bills differ slightly in the spectrum to be covered. The House bill covers bands from 225 MHz to 10 GHz, while the Senate version covers bands from 300 MHz to 3.5 GHz. Both bills would exempt sensitive information from published inventories for national security and proprietary business reasons. Source: