Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, August 11, 2009

Complete DHS Daily Report for August 11, 2009

Daily Report

Top Stories

 According to the Associated Press, nine people were killed as a small plane and a sightseeing helicopter collided on Saturday in the skies of Manhattan, New York. (See item 15)

15. August 10, Associated Press – (New York) Hudson divers seek 2 victims, hope to raise plane. Divers hope to pull a plane out of the Hudson River on August 10, but their first priority is to recover the bodies of two remaining victims of the air collision that killed nine people, a chief investigator said. A Pennsylvania family and an Italian tourist group were killed on the August 8 crash of the small plane and a sightseeing helicopter in the busy skies of Manhattan. Seven bodies were recovered — one teenage passenger on the plane and all six people aboard the helicopter. Divers resumed their for the plane’s pilot and an adult passenger on Monday. National Transportation Safety Board (NTSB) chief said on NBC’s “Today” show that investigators will eventually examine the aircraft’s structural integrity and will try to determine how the initial impact occurred. The chief declined to speculate about the cause of the crash, the worst air disaster in New York City since a commercial jet crash in Queens killed 265 people in November 2001. The investigation is expected to take months. The plane took off from the Teterboro Airport in New Jersey shortly before noon. The chief said it was not required to have a flight plan and did not file one. The plane was flying at about 1,100 feet at the time of the crash, she said. Below that altitude, planes in that part of the Hudson River corridor are to navigate visually. Above that, they need clearance from air traffic controllers. Source:

 CNN reports that more than 250 inmates were injured in a riot that erupted Saturday night at the California Institution for Men in Chino, California. (See item 30)

30. August 9, CNN – (California) 250 inmates hurt, 55 hospitalized after California prison riot. More than 250 inmates were injured in a riot that erupted Saturday night at the California Institution for Men in Chino, a spokesman said Sunday. None of the facility’s employees was hurt in the melee, which broke out at about 8:20 p.m. Saturday at the Reception Center West facility, he said. Guards used pepper spray, “less lethal force, and lethal force options” to regain control by 7 a.m. Sunday. The scene of the violence was the medium-security housing facility with seven units, each of which houses about 200 inmates, he said. Fifty-five inmates were taken to area hospitals with serious injuries. Some 80 officers responded to the riot, during which a housing unit was heavily damaged by fire, he said. Source:


Banking and Finance Sector

12. August 10, Boston Business Journal – (Massachusetts) Citi, Bank of America say Massachusetts customers hit by potential data-security breaches. Two of the largest U.S. banks, Bank of America Corp. and Citigroup Inc., recently issued new credit and debit cards to customers after running into data safety concerns. Bank of America and Citigroup each recently issued replacement cards to consumers, telling them in letters that their account numbers may have been compromised. “We have learned that account information from certain Bank of America debit cards may have been compromised at an undisclosed third-party location,” Bank of America said in a recent letter to Massachusetts customers. As an added measure of security, Bank of America issued a replacement debit card. “Your old card will be closed and usable within five days from receipt of this letter,” Bank of America said. Meanwhile, Citigroup told Massachusetts credit card customers “your account number may have been illegally obtained as a result of a merchant database compromise and could be at risk for unauthorized use.” Source:

13. August 10, Information Management Online – (National) Industry panels push for national data repository to help monitoring of “systemic risk.” The American Statistical Association and the Enterprise Data Management Council are pushing for a new U.S. federal agency to build and oversee a centralized repository to maintain information on financial transactions, trade positions and other data necessary to monitor systemic risk, according to a petition posted by the council. The data would be maintained by a National Institute of Finance (NIF), which would be organized under the U.S. President’s Administration’s proposed “systemic risk regulator.” The goal of the repository is to prevent regulators looking at disparate proprietary data sets which could lead to a flawed analysis. Data managers maintain that keeping accurate trade and counterparty data are critical elements for reducing an array of market and other risk factors surfacing in the recent economic crisis. Promoting the new institute is the Committee to Establish the National Institute of Finance, which the EDM Council described as a “coalition of industry academia and other interested parties.” A petition to create the NIF has been posted here. “The good news is that the NIF is gaining serious traction among legislators and key regulators,” said the EDM Council’s chairman in a letter to members of the risk and data management industries. “The EDM Council is contributing to this initiative to maximize the collective effectiveness in the competition for the ear of Congress as it debates the make-up of the new regulatory environment.” Source:

14. August 8, CNN – (National) 3 regional banks fail. Three regional banks failed on August 7, bringing the 2009 tally to 72, the Federal Deposit Insurance Corporation said. Two Florida banks – First State Bank, of Sarasota, and Community National Bank of Sarasota County, in Venice, – and one Oregon bank – Community First Bank, of Prineville – closed on August 7. St. Cloud, Minnesota-based Stearns Bank, N.A., will assume control of the assets of both Florida banks, and Home Federal Bank, of Nampa, Idaho will assume the assets of the Oregon bank,the FDIC said. The failure of First State Bank – which as of May 31 held assets worth $463 million and total deposits of $387 million – will cost the Deposit Insurance Fund an estimated $116 million, according to the FDIC. Community National had total assets of $97 million and total deposits of approximately $93 million as of June 30, and its closure will cost $24 million, the FDIC said. Community First Bank had total assets of $209 million and total deposits of approximately $182 million. In addition to assuming all of the deposits of the failed bank, Home Federal Bank agreed to purchase approximately $197 million of assets, the FDIC said. The FDIC estimates that this closure will cost the Deposit Insurance Fund $45 million Source:

Information Technology

32. August 10, Spamfighter News – (National) New study finds computer virus ‘Zeus Bot’ in Internet postcards. The director of computer forensics at the University of Alabama at Birmingham (UK) said bogus postcards circulating on the Internet to reach people’s inboxes globally contain links that lead to the PC virus Zeus Bot. The director said the e-mails are typically designed and their subject lines suggest that they have been sent from the 1001 Postcards website. He also said the phony postcards direct recipients to follow a link to view its contents, however, the moment the click button is pressed; the Zeus Bot virus unleashes itself on the users’ PCs. Thereafter when infection sets in, the malware enables cyber criminals to intercept banking passwords along with account numbers, and e-mail as well as other sensitive account details of users. Furthermore, the director stated that cyber criminals in the current incident were using the Russian language software for Zeus Bot and were utilizing postcards like never before to download and install the virus program on the computers of unwitting users. With the virus getting settled on a PC, the computer is conveniently added to the Zeus Botnet and the malware steals all data that the victim enters into a website. By utilizing an image user interface, the virus monitors the infected systems across the globe while its tools let crooks choose stolen accounts related to banks according to their priority for attack. Source:

33. August 8, The Register – (National) U.S. appeals court cans CAN-SPAM suit. In a decision that could make it harder for internet users to take spammers to court, a federal appeals court has upheld the dismissal of a lawsuit against a company that sent a man more than 13,000 unsolicited emails. A three-judge panel from the Ninth US Circuit Court of Appeals agreed with a lower-court judge that under a federal law that went into effect in 2004, the plaintiff lacked standing to sue online marketing business Virtumundo. The panel ruled that under the Controlling the Assault of Non-Solicited Pornography and Marketing, or CAN-SPAM, act, lawsuits can only be brought by select law-enforcement agencies and providers of an IAS, or “internet access service.” The judges went on to dismiss claims the plaintiff brought under a separate Washington-state law forbidding deceptive commercial emails, holding that that CAN-SPAM preempted the law. The state statute allowed private individuals to sue people who send them deceptive marketing emails that were unsolicited. The net effect, legal experts said, is that internet users will have fewer options for taking legal action against spammers. “It is going to be harder for individuals to sue companies that send them spam because trying to shoehorn a claim under statutes prohibiting deception will be looked on by courts with skepticism,” said an attorney at Wilson Sonsini Goodrich&Rosati who helped draft the Washington law. Critics have long complained that CAN-SPAM was full of so many loopholes that it had little effect on the torrent of spam that lands in inboxes everyday. The Ninth Circuit’s decision is only likely to strengthen those claims. It will set a higher bar for individuals who want to invoke it in lawsuits. Specifically, they will have to show they are an IAS and will then have to show they faced significant harm as a result of receiving spam. Source:

Communications Sector

34. August 7, Data Center Knowledge – (New York) Water main break floods key NYC telecom hub. A major water main break in New York has flooded streets near 60 Hudson Street, one of the most important communications buildings in Manhattan. The flood resulted in more than three feet of water in part of the basement of 60 Hudson, which houses data centers and telecom hubs for more than 100 communications companies. New York emergency officials are aware of the building’s strategic importance and using sandbags to try and limit water damage at the building. Early reports from Telx, one of the major tenants at 60 Hudson, reports no major operational impact from the flooding. “Telx is and has been in normal operation,” the company said in a statement. “The company’s vault was unaffected because Telx is served from the mezzanine level. Water has subsided in basement, but the company has the on-site facility crew ready to implement emergency procedures if need be.” The incident began at 2:20 a.m., when a 12-inch water main broke near West Broadway and Duane streets, flooding local streets and filling some local basements with as much as four feet of water. Source: