Department of Homeland Security Daily Open Source Infrastructure Report

Monday, July 27, 2009

Complete DHS Daily Report for July 27, 2009

Daily Report

Top Stories

 The Great Falls Tribune reports that lightning knocked out two wind turbines and sent a 127 foot tower blade crashing to the ground at the Judith Gap Wind Farm in Montana last month, an Invenergy spokeswoman said on July 22. (See item 2)


2. July 23, Great Falls Tribune – (Montana) Lightning takes down 127-foot wind blade. Lightning knocked out two wind turbines and sent a massive tower blade crashing to the ground at the Judith Gap Wind Farm last month, the company said July 22. Repairs began earlier this month and will continue into September, said an Invenergy spokeswoman. No workers were on the site at the time of the accident, which occurred at 6:20 p.m., she said. “There are lightning strikes on a regular basis,” she said. “This one just happened to be pretty severe.” The 90 towers at the 135-megawatt wind farm, located on 8,300 acres of private and public land 125 miles southeast of Great Falls, are 262 feet tall. The blades are 127 feet long. Lightning struck Turbine No. 88’s three blades and one disengaged and fell to the ground, she said. The blade struck and dented the steel tower during the drop, she said. All three of the tower’s blades and its rotor will need to be replaced, she said. Each wind tower can produce a maximum of 1.5 megawatts for a total potential output of 135 megawatts. Since the storm, both towers have been idle, she said. Source: http://www.greatfallstribune.com/article/20090723/NEWS01/907230301


 According to the Wall Street Journal, U.S. aviation regulators, prompted by the 2008 crash landing of a British Airways Plc jetliner near London, proposed on July 23 mandatory safety fixes intended to prevent ice accumulation inside the fuel systems of certain Boeing 777 aircraft. (See item 11)


11. July 23, Wall Street Journal – (National) FAA seeks mandatory engine fixes on certain Boeing 777 jets. U.S. aviation regulators, prompted by the 2008 crash landing of a British Airways Plc jetliner near London, proposed mandatory safety fixes on July 23 intended to prevent ice accumulation inside the fuel systems of certain Boeing 777 aircraft. Such problems can lead to dangerous reductions in engine thrust. Following the lead of European air-safety regulators who took similar action earlier this month, the Federal Aviation Administration proposed a directive requiring installation of redesigned oil-cooler systems on certain Boeing 777s by January 2011. Affecting roughly 50 of the widebody aircraft registered in the U.S. and equipped with engines manufactured by Rolls-Royce Plc, the changes are designed to prevent ice from plugging up fuel-system piping. The changes affect parts that cool engine oil and also heat fuel before it enters the engines. AMR Corp.’s American Airlines is a major operator of Roll-Royce equipped Boeing 777s. Twice since January 2008, Boeing 777 jetliners equipped with Rolls-Royce engines and operated by other airlines have experienced so-called thrust rollbacks. In January 2008, a British Airways jet slammed into the ground at London’s Heathrow International Airport after both engines reduced thrust substantially without any command from the pilots. The plane crashed short of a runway and was badly damaged. All 152 aboard survived. The move comes four months after the U.S. National Transportation Safety Board issued urgent recommendations to redesign the oil-cooler system on Rolls-Royce’s widely used Trent 800 engine model. Earlier this year, Boeing and regulators on both sides of the Atlantic issued warnings and interim operational changes to prevent internal ice accumulation from blocking fuel flow to such engines. Rolls-Royce officials have declined to comment on the issue. Source: http://online.wsj.com/article/SB124839381970977579.html


Details

Banking and Finance Sector

15. July 24, Chicago Sun-Times – (Illinois) Developer accused of $10 mil. fraud. A federal grand jury has indicted a Libertyville real estate developer on charges that he scammed banks and investors out of $10 million. The 65-year-old, of Libertyville, owned and operated Forrest Properties Inc., which did real estate development business in the north suburbs, including at shopping centers. The defendant sold investments through limited partnerships and promissory notes including at Lincolnshire Town Center, South Village Green, Glen Gateway Partners and Round Lake Properties. He is accused of fraudulently selling investments in the form of limited partnership interests and short-term, high interest rate promissory notes, which he said were backed, but were not, according to charges. He is also accused of fraudulently obtaining funds and using them in part to make “Ponzi-type payments,” as well as to repay delinquent loans, according to charges. Source: http://www.suntimes.com/news/24-7/1682737,CST-NWS-LAIDLEY24.article


16. July 24, Denver Post – (Colorado) Four firms accused of securities fraud. Four businesses in the oil and gas industry with operations in Colorado are accused of violating anti-fraud, registration and licensing provisions of the Colorado Securities Act, according to a complaint announced on July 23 by the Colorado Securities Commission. The companies — HEI Resources Inc., Gulf Coast Western, Bedrock Energy Development Inc. and Heartland Energy Development Corp. — allegedly defrauded investors nationwide with unregistered securities sold through unlicensed sales representatives. They also failed to disclose actual financial track records, according to the complaint, and made other unsubstantiated statements to investors. How much investors lost is still under review. The companies are accused of operating “boiler rooms” in Colorado, where salesmen made hundreds of daily cold-calls to press the investments, the Colorado securities commissioner said. Also named in the complaint, the securities commissioner said, are the companies’ lawyer and eight individuals associated with them. Source: http://www.denverpost.com/headlines/ci_12903011


17. July 24, Bloomberg – (Illinois) Lubert-Adler may bid for Corus Bank as fate rests with FDIC. Lubert-Adler Partners LP, the Philadelphia-based private-equity firm, may participate in a bid for all or part of Corus Bankshares Inc., the Chicago lender crippled by loans to build condominiums, people familiar with the matter said. Lubert-Adler is among at least four investors weighing bids for Corus, said the people, who asked not to be named because the talks are private. The Federal Deposit Insurance Corp. has indicated that the bank, which said this week it understated its first-quarter loss by $16 million, may be seized as soon as August 6, the people said. “The appeal of these distressed bank deals is buying at a discount with a potential government guarantee on some losses,” said a partner at New York-based law firm Schulte Roth & Zabel LLP, who advises buyout firms on investments in financial institutions. New York developer Related Cos., Thomas Barrack’s Colony Capital LLC and J.C. Flowers & Co. are also mulling bids for Corus. The 51-year-old bank’s fate rests with the FDIC because the lender and its financial adviser, Bank of America Corp., have not been able to find a buyer willing to complete a deal without government assistance. Source: http://www.bloomberg.com/apps/news?pid=20601103&sid=aelbAbfwk_CM


Information Technology


40. July 23, Computerworld – (International) Microsoft admits it can’t stop Office file format hacks. Microsoft’s plan to “sandbox” Office documents in the next version of its application suite is an admission that the company cannot keep hackers from exploiting file format bugs, a security analyst said on July 23. “What’s been happening is that Office has lots of vulnerabilities,” said Gartner’s primary security analyst. “For the past 18 months, hackers have been fuzzing Office file formats,” he said, referring to the practice of “fuzzing,” a tactic that relies on automated tools that drop random data into applications to see if, and where, breakdowns occur. Fuzzing has been a hacker’s best friend: Microsoft has repeatedly had to patch file format vulnerabilities in Office applications, most recently in July when it fixed a flaw in Publisher 2007 and in June, when it patched seven vulnerabilities in Excel and two more in Word. “What’s happening is that the bad guys are using fuzzing tools to find vulnerabilities in Office, and now Microsoft is saying, ‘Okay, we can’t find, let alone fix, every vulnerability. So here’s a way to put a sandbox around the vulnerability.” The sandbox technique mentioned is a new addition to Office 2010, the upcoming upgrade to Microsoft’s bestselling Windows application suite. According to a senior security program manager with the Office team, Office 2010 will sport something called “Protected View” that isolates Word, Excel and PowerPoint files in a read-only environment. The sandbox, said the program manager in a post to a company blog this week, will have “minimal access to the system, and no access to your other files and information. Even if the file is malicious, it can’t get out of the sandbox and do harm to your computer or data.” Source: http://www.computerworld.com/s/article/9135852/Microsoft_admits_it_can_t_stop_Office_file_format_hacks


41. July 22, ScienceDaily – (International) This article will self-destruct: Tool to make online personal data vanish. Computers have made it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview. A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer. The University of Washington has developed a way to make such information expire. After a set time period, electronic communications such as e-mail, Facebook posts and chat messages would automatically self-destruct, becoming irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them. The team of UW computer scientists developed a prototype system called Vanish that can place a time limit on text uploaded to any Web service through a Web browser. After a set time text written using Vanish will, in essence, self-destruct. A paper about the project went public on July 22 and will be presented at the Usenix Security Symposium Aug. 10-14 in Montreal. The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered. In the current Vanish prototype, the network’s computers purge their memories every eight hours. (An option on Vanish lets users keep their data for any multiple of eight hours.) Unlike existing commercial encryption services, a message sent using Vanish is kept private by an inherent property of the decentralized file-sharing networks it uses. Source: http://www.sciencedaily.com/releases/2009/07/090721113309.htm

Communications Sector

45. July 22, Rocky Mountain Telegram – (Colorado) Police probe false bomb threats. Authorities responded to two false bomb threats within ten minutes of each other on July 22 in separate sections of the city, Rocky Mountain. A bomb threat against Old Navy in Cobb Corners was received at 12:40 p.m., and a threat against City Trends on Main Street was received at 12:51 p.m., Rocky Mount police said. “Both the police department and the fire department responded — but nothing was discovered, and no one was harmed,” the officer said. “Nothing suspicious was indicated at the time.” The area around Cobbs Corners was cordoned off as police searched the store. “We had units standing by at both spots until police cleared the locations,” the Rocky Mount Fire Battalion chief said. “Within about 45 minutes of each one, the police units advised us they had checked them and hadn’t found anything.” Both threats were made by telephone, and authorities are not certain if the two cases are related, he added. The Suddenlink Communications office on West Mount Drive was evacuated for about an hour July 15 after a bomb threat was made against it, but nothing suspicious was found on the premises. Source: http://www.rockymounttelegram.com/news/police-probe-false-bomb-threats-733217.html