Department of Homeland Security Daily Open Source Infrastructure Report

Friday, July 31, 2009

Complete DHS Daily Report for July 31, 2009

Daily Report

Top Stories

 According to the Associated Press, one person was killed and several injured in an explosion on Wednesday at Mueller Industries, a copper tubing plant, in Fulton, Mississippi. (See item 9)

9. July 29, Associated Press – (Mississippi) 1 dead, several hurt in Miss. copper tubing plant explosion. One person was killed and others injured in an explosion on July 29 at a copper tubing plant in northeast Mississippi, emergency officials said. An official with Mueller Industries said the company in Fulton is still assessing the damage. Authorities were unsure how the explosion happened. The plant was evacuated after the blast and the fire extinguished about an hour later. Officials said a hazmat team decontaminated people who had chemicals on them. Memphis, Tennessee-based Mueller Industries makes copper tube and fittings, among other products. Source:,w-mississippi-copper-tubing-plant-explosion-072909.article

 WFAA 8 Dallas reports that the Federal Aviation Administration confirmed that it will require 1,400 airplane mechanics certified at Tobias Aerospace Services in San Antonio, Texas to retest or have their licenses revoked. FAA officials said they became concerned last fall that mechanics were being improperly licensed at the airplane mechanic testing facility. (See item 17)

17. July 30, WFAA 8 Dallas – (Texas) FAA to order retesting of 1,400 airplane mechanics. The Federal Aviation Administration (FAA) confirmed that it will require 1,400 airplane mechanics certified at a San Antonio facility to retest or have their licenses revoked. FAA officials said they became concerned last fall that mechanics were being improperly licensed at Tobias Aerospace Services, an airplane mechanic testing facility. Their concerns were triggered by the unusually high success rate and volume of mechanics tested and certified by an individual who is an FAA-designated mechanical examiner. Tobias has certified mechanics for eight years. Possible conflicting test dates and paperwork irregularities submitted by Tobias and mechanic applicants spurred further FAA questions. “In the course of reviewing the airmen’s applications and the certificates that were issued, the inspectors began to have a number of questions about the qualifications of those applications,” said an FAA flight standards regional manager in Dallas. Records show mechanics traveled to Tobias Aerospace from all over the United States, Asia, Latin America and South America to undergo oral and practical examinations. Tobias certified 150 to 250 mechanics each year; one year about 300 were certified. The controversy surrounding the retesting spreads far beyond Texas to Boeing in Seattle. Several Boeing mechanics told News 8 that they came to Tobias Aerospace to gain certification in order to command higher wages once they passed the test. Now they will have to be recertified. Boeing and FAA officials said the mechanics in question should not raise safety concerns because they assemble planes with multiple levels of supervision and quality assurances. Records show Tobias is no longer an examiner. The FAA shut down Tobias Aerospace when it began investigating last fall. Source:


Banking and Finance Sector

14. July 30, Wall Street Journal – (National) Senate probes banks for meltdown fraud. A Senate panel has subpoenaed financial institutions, including Goldman Sachs Group Inc. and Deutsche Bank AG, seeking evidence of fraud in last year’s mortgage-market meltdown, according to people familiar with the situation. The congressional investigation appears to focus on whether internal communications, such as email, show bankers had private doubts about whether mortgage-related securities they were putting together were as financially sound as their public pronouncements suggested. Collapsing values for many of those securities played a big role in precipitating last year’s financial crisis. According to people familiar with the matter, the Senate Permanent Subcommittee on Investigations also has issued a subpoena to Washington Mutual Inc., a Seattle thrift that was seized by regulators in last year’s financial crisis and is now largely owned by J.P. Morgan Chase & Co. It appears likely that several other financial institutions also have received subpoenas. Subcommittee investigators declined to comment. A Goldman Sachs spokesman declined to comment on the subpoena. Deutsche Bank didn’t immediately respond to a request for comment. The subpoenas are the latest in a series of moves by Congress to trace the roots of the financial crisis. Source:

15. July 30, Wall Street Journal – (National) FDIC poised to split banks to lure buyers. The Federal Deposit Insurance Corp., grappling with the worst banking crisis since the 1990s, is poised to start breaking failed financial institutions into good and bad pieces in an effort to drum up more interest from prospective buyers. The strategy, which is likely to begin soon, is aimed at selling the most distressed hunks of failed banks to private-equity firms and other types of investors who may be more willing than traditional banks to take a flier on bad assets. The traditional banks could then bid on the deposits, branches and other bits of the failed institution that are appealing. “We want banks to participate in the resolution process, but we know it’s a tough time for banks to participate in the resolution process,” said a senior adviser to the FDIC Chairman. He made the comments on July 29 during a presentation to a community-banking conference in New York sponsored by Keefe, Bruyette & Woods Inc., a boutique investment firm that specializes in financial services. Regulators have seized 64 banks this year as the credit crisis continues to wreak havoc on small institutions that have been hit hard by the collapse in housing prices and deteriorating commercial real estate. Although the banks are technically seized by other regulators, it is the FDIC’s job to dispose of the assets in a cost-effective manner. The FDIC has found buyers for most of the failed institutions, but many prospective bidders are leery of taking on bad loans from a shuttered bank. That remains the case despite the FDIC’s efforts to encourage bidders by providing loss-sharing agreements in about 40 of this year’s bank failures. Source:

Information Technology

33. July 29, Spamfighter News – (International) Computer virus Hidrag.a rapidly spreading across networks. Security researchers have found Hidrag.a, a computer virus, which spreads through browser exploits, network shares and IRC (Internet Relay Chat), as reported by Pc1news on July 10, 2009. Researchers state that once the virus is executed, it stays inside the system’s memory and attempts to infect .scr and .exe files running on the infected PC. In addition, Hidrag.a might establish a backdoor that allows an intruder to make an unhindered entry to the infected computer, putting possible banking and financial data at risk. After execution, Hidrag.a makes its own duplicate copy of approximately 36K in size and plants it on the Windows directory by naming it svchost.exe, according to the researchers. Following this, the virus registers the ‘.exe’ file within the auto-run key of the PC’s registry. The researchers also state that Hidrag.a has a connection with various other files like setup.exe, malware.exe and NoDNS.exe. In fact, other security companies also analyzed this virus. While Symantec and McAfee refer Hidrag.a as W32.Jeefo, Microsoft refers it as Jeefo.A. Other names given to Hidrag.a are Jeefo-3, Virus.Parite.B, TROJ_FLOOD.AF, and so on. Meanwhile, the security researchers said, the malicious Hidrag.a virus has caused the maximum number of infections in the United States where an aggregate of 43,601 strains of malevolent web traffic has been reported. China, which follows the United States, has as many as 42,597 strains of malevolent traffic owing to Hidrag.a. Along with these nations, Brazil, Japan and India are other countries that are infected with the malicious Hidrag, while the United Kingdom, Germany, France, Italy and Russia have also been infected. Source:

34. July 29, CNET News – (International) Report finds fake antivirus on the rise. Malware posing as antivirus software is spreading fast with tens of millions of computers infected each month, according to a report to be released on July 29 from PandaLabs. PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. In a year, that number had grown to 111,000. And in the second quarter of 2009, it reached 374,000, the technical director of PandaLabs said in a recent interview. “We’ve created a specific team to deal with this,” he said, of the rogue antivirus software that issues false warnings of infections in order to get people to pay for software they don’t need. The programs also typically download a Trojan or other malware. PandaLabs found that 3 percent to 5 percent of all the people who scanned their PCs with Panda antivirus software were infected. Using that and worldwide computer stats from Forrester, PandaLabs estimates there could be as many as 35 million computers infected per month with rogue antivirus programs. About 3 percent of the people who see the fake warnings fall for it, forking over $50 for an annual license or $80 for a lifetime license, according to the technical director. Last September, a hacker was able to infiltrate rogue antivirus maker Baka Software and discovered that in one period an affiliate made more than $80,000 in about a week, said a PandaLabs threat researcher. A Finjan report from March estimated that fake antivirus distributors can make more than $10,000 a day. Source:

35. July 28, Windows IT Pro – (International) User feedback leads to network resiliency in SQL Server backup tool. British developer Red Gate Software has released the latest version of its SQL Backup tool with new network resilience functions, self-healing log shipping and improved compression capabilities. The Cambridge-based firm encourages interaction with its customers and the wider database admin and developer community with initiatives like its popular website. It says that the software’s new version 6 features are a response to feedback from users who complain about continued reliance on flaky networks. If there is a hiccup on the line when they are writing backups across networks then it is nearly always a case of having to start all over again. RedGate’s SQL Backup Pro 6 product manager explains: “Let’s say you’ve transferred half the file across the network and then there’s a temporary outage in the network, SQL Backup will pause for a configured length of time, maybe thirty seconds, and then try again and it will do that ten times. Those are both configuration settings that you can adjust. And when it tries again, if it makes a connection, if it was just a short-term outage, it then picks up from where it’s already transferred, so if you’d already transferred half the file it then tries to transfer the remaining half.” Many DBAs use log shipping as a way of keeping a standby copy of a SQL Server instance on a separate machine, often at a disaster recovery site. Again, connection can be low-bandwidth and suffer from outages that can disrupt this process, meaning manual fixes often have to be made after the fact. Source:

Communications Sector

Nothing to report.