Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, September 1, 2009

Complete DHS Daily Report for September 1, 2009

Daily Report

Top Stories

KPIX 5 San Francisco and Bay City News report that an ammonia leak at the Columbus Salame meat processing plant in South San Francisco injured 24 people and caused evacuations and road closures for several hours on the morning of August 28. (See item 22)


22. August 28, KPIX 5 San Francisco and Bay City News – (California) 2 dozen hurt in South SF ammonia leak. An ammonia leak at a meat processing plant injured 24 people — including eight who were hospitalized — and caused evacuations and road closures for several hours Friday morning in an industrial area of South San Francisco, according to a fire marshal. The leak was reported at about 5:45 a.m. at the Columbus Salame plant, the fire marshal said. The leak caused authorities to close several roads, preventing hundreds of businesses from operating and thousands of people from traveling through the area. All roads were reopened by about 10:40 a.m. and people were being allowed to re-enter their businesses. Columbus Salame’s president said the leak was discovered on the roof of the building. The company is upgrading the ammonia system at the plant, and the contractor doing the work arrived Friday morning and realized something was amiss as he went up to the roof to begin working, the president added. An employee at the nearby Budweiser facility arrived at 7 a.m. to find the area closed off. The shutdown occurred on the plant’s busiest day of the week, he said. The bulk of their beer deliveries happen Friday morning so stores can be stocked for the weekend. Source: http://cbs5.com/local/SSF.ammonia.leak.2.1149426.html


 According to the Associated Press, firefighters tried on Monday to hold back a massive wildfire from consuming thousands of Los Angeles-area homes, a crucial communications center, and Mount Wilson Observatory. The blaze has scorched 71 square miles in the Angeles National Forest. (See item 43)


43. August 31, Associated Press – (California) Huge blaze threatens 12,000 LA-area homes; 2 dead. Firefighters tried on August 31 to hold back a massive wildfire from consuming thousands of Los Angeles-area homes and a crucial communications center as they mourned two firefighters killed when their vehicle rolled down a mountain. About 12,000 homes, as well as communications and astronomy centers atop Mount Wilson, were threatened by fire. At least 6,600 homes were under mandatory evacuation orders Sunday night and over 2,500 firefighters were battling the flames. On the blaze’s northwestern front, two firefighters were killed on August 30 on Mount Gleason near the city of Acton. The blaze was only about 5 percent contained late on August 30 and had scorched 71 square miles in the Angeles National Forest. Mandatory evacuations were in effect for neighborhoods in Glendale, Pasadena and other smoke-choked cities and towns north of Los Angeles. At least 18 homes were destroyed in the fire and firefighters expected to find many more, authorities said. On Mount Wilson, crews cleared brush and sprayed retardant in an attempt to ward off flames approaching the transmitters of more than 20 television stations, many radio stations and cell phone providers, said a U.S. Forest Service Captain. Television stations said that if the antennas burn, broadcast signals would be affected but satellite and cable transmissions would not be. Two giant telescopes and several multimillion-dollar university programs are housed in the century-old Mount Wilson Observatory. The complex of buildings is both a historic landmark and a thriving modern center for astronomy. The fire had blackened 275 acres amid high winds and was 50 percent contained Sunday night, a CalFire spokesman said. The governor declared a state of emergency in the Sierra foothills area because of the fire, which began on August 30. Source: http://www.google.com/hostednews/ap/article/ALeqM5gZ8Zlj-J4JAGBVX44URTwVV53E0QD9ADS7L80


Details

Banking and Finance Sector

12. August 29, Bloomberg – (National) Regulators shutter three U.S. banks, bringing 2009 toll to 84. Regulators closed banks in California, Maryland and Minnesota on August 28, pushing U.S. bank failures to 84 this year amid continuing fallout from the worst economic crisis since the Great Depression. The Federal Deposit Insurance Corp. was named receiver for Affinity Bank of Ventura, California, Bradford Bank of Baltimore and Mainstreet Bank of Forest Lake, Minnesota, after the closings, the FDIC said. Assets of $1.9 billion and deposits of $1.7 billion from the three banks were turned over to new lenders at a total cost of about $446 million to the FDIC’s deposit insurance fund, according to agency statements. Regulators have closed banks at the fastest pace in 17 years and more are likely as losses mount from soured real-estate debt. A total of 416 banks with combined assets of $299.8 billion failed the FDIC’s grading system for asset quality, liquidity and earnings in the second quarter, the most since June 1994, the regulator said in a report August 27. Pacific Western Bank of San Diego will assume the deposits of Affinity Bank, the FDIC said. Affinity, with $1 billion in assets and $922 million in deposits, had 10 branches. Two, based in San Mateo and San Francisco, will open today as Pacific Western branches; the rest will open August 31 under new ownership, according to the FDIC. The regulator agreed to share losses on $934 million of the assets. Central Bank of Stillwater, Minnesota, assumed $434 million in deposits at Mainstreet Bank, the FDIC said. Central Bank will pay a premium to purchase Mainstreet’s $459 million in assets, with the FDIC sharing losses on about $268 million. Mainstreet’s eight branches will open today as Central offices. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=aSdMMGzkt1do


3. August 28, Associated Press – (Pennsylvania) W.Pa. man accused of multimillion dollar scam. A western Pennsylvania man has been charged in federal court with fraud and tax evasion in a scam that prosecutors say led shareholders to lose more than $200 million. The defendant of Leechburg appeared in court on August 28 where a 20-count indictment was unsealed. The 35-year-old is accused of diverting funds from World Health Alternatives, Inc. to his personal bank account while serving as president and chief executive officer between 2003 and 2005. Prosecutors say that in the week between August 12, 2005 and August 19, 2005, when it became known the company’s finances were being investigated, World Health’s stock price plummeted from $3.55 per share to 49 cents. They estimate this caused shareholders to lose more than $200 million. Source: http://www.philly.com/philly/wires/ap/news/state/pennsylvania/20090828_ap_wpamanaccusedofmultimilliondollarscam.html


14. August 28, Associated Press – (National) Hacker in massive card data theft pleads guilty. A computer hacker accused of masterminding one of the largest cases of identity theft in U.S. history agreed on August 28 to plead guilty and serve up to 25 years in federal prison for his crimes. The guilty party of Miami was charged with conspiracy, wire fraud and aggravated identity theft charges in federal courts in New York and Boston. Court documents filed in federal court in Boston indicate the 28-year-old agreed to plead guilty to 19 counts and combine the two cases in federal court in Massachusetts. Additional charges against the guilty party are still pending in New Jersey, but they are not currently part of the plea deal. The Miami man is accused of swiping the credit and debit card numbers of more than 170 million accounts; officials said Gonzalez was the ringleader of a group that targeted large companies such as T.J. Maxx, Barnes and Noble, Sports Authority and OfficeMax, among others. Indictments in New York and Massachusetts said that he and two foreign co-defendants used hacking techniques that involved “wardriving,” or cruising through different areas with a laptop computer and looking for retailers’ accessible wireless Internet signals. Once they located a vulnerable network, the hackers installed “sniffer programs” that captured credit and debit card numbers as they moved through a retailer’s processing computers — then tried to sell the data overseas. Source: http://www.msnbc.msn.com/id/32600043/ns/technology_and_science-security/


Information Technology


41. August 31, ITProPortal – (International) Hackers penetrate Apache project server using SSH vulnerability. The website of the Apache Project went offline for several hours last weekend after some anonymous hackers reportedly uploaded and executed malicious code on the website’s servers. The hackers seemingly employed a stolen SSH authentication key linked with a backup account to compromise one of the website’s servers, forcing the Apache Project’s Infrastructure team to take the servers offline for hours. The attack kicked off on August 28 and was aimed at minotaur.apache.org, also referred to as the people.apache.org server, which is the “seed host for most apache.org websites” and further hosts the accounts for its entire developer community, according to the Apache team. Hackers broke into the server, which runs FreeBSD 7-STABLE, using the SSH key associated with a backup account. However, they did not manage to escalate the account’s privileges on the compromised server. As of now, it is not clear whether any code on the Apache website was actually altered, how the attack was performed, or who was behind it. However, the issue with the website was fixed after DNS records were modified so that its Europe-based servers, instead of the main site in the US, were carrying the entire load. The infrastructure team of the website said: “At this time several machines remain offline, but most user facing websites and services are now available”. Source: http://www.itproportal.com/security/news/article/2009/8/31/hackers-penetrate-apache-project-server-using-ssh-vulnerability/


42. August 29, The Register – (International) Snow Leopard security: The good, the bad and the missing. Apple engineers missed a key opportunity to implement an industry-standard technology in their latest operating system that would have made it more resistant to hacking attacks, three researchers have said. Known as ASLR, or address space layout randomization, the measure picks a different memory location to load system components each time the OS is started. While Microsoft has had it implemented since the roll-out of Windows Vista, the analogous protection in Snow Leopard, which went on sale on August 28, suffers from a crucial deficiency: It fails to randomize core parts of the OS, including the heap, stack and dynamic linker. That means that attackers who identify buffer overflows and similar bugs in OS X components have a much better chance of exploiting the vulnerability to execute malicious code that compromises the machine. The halfhearted attempt at implementing ASLR has been a chief complaint of security researchers since Snow Leopard’s predecessor. Many had hoped it would be made more robust in the new version. “ASLR is really only useful if EVERYTHING is randomized,” the co-author of The Mac Hacker’s Handbook wrote in an email to The Register. “If there is anything that is not randomized, it defeats the purpose mostly. This is a major shortcoming of Apple, and I’m disappointed they didn’t take this opportunity to implement full ASLR.” One possible weakness with the new DEP offering: parts of the Safari browser remain both writable and executable, a shortcoming that may make it easier for attackers to strike at one of the most targeted Apple applications. Source: http://www.theregister.co.uk/2009/08/29/snow_leopard_security/


For another story, see item 47 below


Communications Sector

43. August 31, Associated Press – (California) Huge blaze threatens 12,000 LA-area homes; 2 dead. Firefighters tried on August 31 to hold back a massive wildfire from consuming thousands of Los Angeles-area homes and a crucial communications center as they mourned two firefighters killed when their vehicle rolled down a mountain. About 12,000 homes, as well as communications and astronomy centers atop Mount Wilson, were threatened by fire. At least 6,600 homes were under mandatory evacuation orders Sunday night and over 2,500 firefighters were battling the flames. On the blaze’s northwestern front, two firefighters were killed on August 30 on Mount Gleason near the city of Acton. The blaze was only about 5 percent contained late on August 30 and had scorched 71 square miles in the Angeles National Forest. Mandatory evacuations were in effect for neighborhoods in Glendale, Pasadena and other smoke-choked cities and towns north of Los Angeles. At least 18 homes were destroyed in the fire and firefighters expected to find many more, authorities said. On Mount Wilson, crews cleared brush and sprayed retardant in an attempt to ward off flames approaching the transmitters of more than 20 television stations, many radio stations and cell phone providers, said a U.S. Forest Service Captain. Television stations said that if the antennas burn, broadcast signals would be affected but satellite and cable transmissions would not be. Two giant telescopes and several multimillion-dollar university programs are housed in the century-old Mount Wilson Observatory. The complex of buildings is both a historic landmark and a thriving modern center for astronomy. The fire had blackened 275 acres amid high winds and was 50 percent contained Sunday night, a CalFire spokesman said. The governor declared a state of emergency in the Sierra foothills area because of the fire, which began on August 30. Source: http://www.google.com/hostednews/ap/article/ALeqM5gZ8Zlj-J4JAGBVX44URTwVV53E0QD9ADS7L80


44. August 31, Florida Freedom Newspapers – (Florida) Off the air: Inmate work crew cuts the cord on Destin’s Beach Radio. The waves rolling off the tower of Beach Radio, “Destin’s Progressive Talk,” came to a dead stop recently when an inmate working for the city of Niceville cut the station’s transmission line with a Bush Hog. “I don’t even know why they came on the property to Bush Hog, because it’s not city property,” said the manager of the station at 1120 AM. The manager started getting calls from listeners wondering what happened to the signal from the station’s tower on Cedar Avenue in Niceville. “We have an inmate crew that works for us that cleans up some of these weedy areas,” said the Niceville Public Works Director. “They were doing some work in that area and I heard it happened.” A Niceville city electrician said the prison work crew was trimming the grass by the radio tower on August 24 when the line was cut. Niceville contacted nearby property owners who might have been affected by the cut line, but Beach Radio learned about the outage from listeners. Source: http://www.nwfdailynews.com/news/destin-20163-air-inmate.html


45. August 28, Associated Press – (Maryland) Lightning damages Md. emergency radio tower. Emergency workers in three Eastern Shore counties are getting help from a backup radio system after a lightning strike damaged a radio tower. The Queen Anne’s County emergency management chief says lightning hit the tower in Wye Mill that serves emergency services in Queen Anne’s, Caroline, and Talbot counties as a line of storms moved through the area around 6 a.m. on August 28. He says the tower that supports the tri-county communication system has limited capabilities while the damaged electronics are repaired and bypassed. Meanwhile, he says emergency services are using a national call channel system to keep operations normal. Source: http://wjz.com/wireapnewsmd/Lightning.strike.damages.2.1149229.html


46. August 28, The Register – (International) Mobile operators pooh-pooh universal phone-snooping plan. Mobile operators have struck back at organizers of an open-source project that plans to crack the encryption used to protect cell phone calls, saying they are a long way from devising a practical attack. “The theoretical compromise presented at the Black Hat conference requires the construction of a large look-up table of approximately 2 Terabytes - this is equivalent to the amount of data contained in a 20 kilometre high pile of books,” the group, which represents almost 800 operators in 219 countries, said in a statement issued on August 28. “In theory, someone with access to the data in such a table could use it to analyse an encrypted call and recover the encryption key.” The GSMA went on to say that even if such a table were built, the researchers still would need to build a complex radio receiver to process the raw radio data. The vast majority of the world’s cell phone calls are protected by an algorithm known as A5/1 that has been in existence for more than a decade, said the project leader, a cryptography expert and a researcher at the University of Virginia. Because it hails from the cold-war era when export laws prohibited the exportation of strong cryptography, the cipher is relatively trivial to break using a large number of networked computers. More recently, cell phone makers have folded a newer cipher known as A5/3 into handsets to protect internet communications. Because its key is twice as long as that of A5/1, it’s about a quintillion times harder to break, the project leader estimates. But despite the uncontested superiority of the newer algorithm, handset manufacturers still cling to the older one to protect voice calls. The GSM rainbow table project was announced at the recent Black Hat security conference in Las Vegas. “I’m puzzled by the GSMA’s attempt to hide behind the alleged inability of hackers to snoop GSM traffic,” the project leader wrote in an email to reporters. “This is 20 years old technology that ships in billions of handsets. The GSMA should take the hacker community and its current interest in GSM technology more serious.” Source: http://www.theregister.co.uk/2009/08/28/mobile_phone_snooping_plan/


47. August 28, FOX News – (National) Senate bill would give President emergency control of Internet. A Senate bill would offer the U.S. President emergency control of the Internet and may give him a “kill switch” to shut down online traffic by seizing private networks, a move cybersecurity experts worry will choke off industry and civil liberties. Details of a revamped version of the Cybersecurity Act of 2009 emerged late on August 27, months after an initial version authored by a Senator from West Virginia was blasted in Silicon Valley as dangerous government intrusion. “In the original bill they empowered the president to essentially turn off the Internet in the case of a ‘cyber-emergency,’ which they didn’t define,” said the president of the Internet Security Alliance, which represents the telecommunications industry. He said the new version of the bill that surfaced on August 27 is improved from its first draft, but troubling language that was removed was replaced by vague language that could still offer the same powers to the President in case of an emergency. “The current language is so unclear that we can’t be confident that the changes have actually been made,” he said. The new legislation allows the President to “declare a cybersecurity emergency” relating to “non-governmental” computer networks and make a plan to respond to the danger, according to an excerpt published online. Source: http://www.foxnews.com/politics/2009/08/28/senate-president-emergency-control-internet/