Department of Homeland Security Daily Open Source Infrastructure Report

Friday, September 4, 2009

Complete DHS Daily Report for September 4, 2009

Daily Report

Top Stories

According to the Fort Worth Star-Telegram, trucks and equipment worth about $8 million were destroyed Tuesday in an “explosive fire” at a natural gas drilling site operated by Chesapeake Energy in Johnson County, Texas. (See item 3)

3. September 2, Fort Worth Star-Telegram – (Texas) ‘Explosive fire’ at gas drilling site northwest of Joshua destroys $8 million in equipment. Trucks and equipment worth about $8 million were destroyed late September 1 in what officials described as an “explosive fire” at a natural gas drilling site northwest of Joshua, Texas. The fire started in one of eight Kenworth trucks parked at the site operated by Chesapeake Energy in the 3200 block of County Road 913, said an emergency management coordinator for Johnson County. No natural gas contributed to the fire, which was reported about 11:15 p.m., said a Johnson County sheriff’s spokesman. Flames, however, spread to the other trucks, which were parked close to each other, he said. In addition to the trucks, pumps, blenders and other equipment used in the hydraulic fracturing of gas wells were destroyed. Firefighters came from Joshua, Briar Oaks, Mid North, Godley, Bono, Burleson, Cleburne and Tarrant County. They were needed to haul water and operate long-distance nozzles and aerial ladder trucks. The blaze had to be fought at a distance to protect the firefighters, but not because it was a natural gas drilling site. “There were trucks in there with diesel tanks on them,” he said. “All those trucks have two or three fuel tanks on them. We had a couple explosions.” The fire’s cause was still being investigated, said a Chesapeake spokeswoman. Source:

According to a Water Technology Online analysis of recent local reports, wildfires raging near Los Angeles in the San Gabriel Canyon could have long-term adverse effects on the drinking water supply for more than one million people. The Morris Fire destroyed at least 1,800 acres of vegetation, which now exposes the San Gabriel and Morris reservoirs to threats from increased erosion. (See item 20)

20. September 2, Water Technology Online – (California) CA water risk: Wildfires denude mountains. Recent wildfires raging near Los Angeles in the San Gabriel Canyon could have long-term adverse effects on the drinking water supply for more than 1 million people, according to recent local reports. reported on August 27: “Post-fire erosion and accelerated sedimentation — not pollution — are the primary concerns to water officials.” The Morris Fire in San Gabriel Canyon destroyed an estimated 1,800 acres or more of vegetation, which now exposes the man-made San Gabriel and Morris reservoirs to threats from increased erosion, the report said. A September 2 story in the Los Angeles Times notes of the San Gabriel Mountains, “The San Gabriels … are powerful: capable of devastating slides, particularly when winter rains follow fires.” Under normal conditions, the reservoirs are drained and cleared of sediment every 10 to 15 years; the post-fire conditions, combined with winter rains, increase the chance that the reservoirs may need to be drained and cleared of sediment ahead of the normal schedule, reported. An Angeles National Forest technician told “These are the fastest-growing mountains in the world, I believe, and they are also the fastest disintegrating. … Even without the fires, you have a tremendous amount of sediment and material coming out of the North, West and East forks of the San Gabriel River. … That’s just in normal conditions. Now you take a fire and wipe out all that vegetation and there’s nothing to hold the topsoil and sediment back.” A Los Angeles County spokesman said the county is monitoring the situation. Source:


Banking and Finance Sector

8. September 3, Wichita Eagle – (National) FDIC extends trial time for new banks. One Wichita bank is feeling a side effect of the banking crisis that has resulted in 84 bank failures this year. The Federal Deposit Insurance Corp. notified banks on August 28 that it was extending the time it classifies a newly chartered bank as “de novo.” The regulator and overseer of the industry’s deposit insurance fund said it was extending the de novo classification from three years to seven. And it is applying that classification to all banks that have been newly chartered in the past seven years. For RelianzBank, 2327 N. Ridge Road, that means more frequent examinations, FDIC approval for significant business plan changes and a bit more reporting of certain items, such as capital ratios, to the FDIC. The $35.7 million bank’s founder and CEO said it is not a major inconvenience, even though the bank had completed its de novo period last year under the old rules. “We’re used to being scrutinized very closely, and we’re good with it,” said the CEO, whose bank started in December 2005. The FDIC revised its de novo rules because about 20 percent of the bank failures in the past two years were banks that had been chartered in the past seven years, said an FDIC spokesman. Source:

9. September 2, Associated Press – (Pennsylvania) PNC has authorities shut down ‘phishing’ site. Pittsburgh-based PNC Bank says it has alerted authorities to a bogus message sent to some of its online banking customers that was “phishing” for sensitive account information. PNC says it doesn’t know how many people received the e-mail September 1, which may have also gone to non-customers. The message now posted on the bank’s Web site falsely warns customers that their online banking services have been terminated. The message includes an Internet link and urges customers to log onto it and supply personal information to resume their online banking services. Authorities are investigating but have not charged anyone in connection with the phony warning. Source:

10. September 2, Computerworld – (Illinois) Court allows suit against bank for lax security. A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures designed to prevent such compromises. In a ruling issued last month, a Judge of the District Court for the Northern District of Illinois denied a request by Citizens Financial Bank to dismiss a negligence claim brought against it by a couple. The Crown Point, Indiana couple, customers of the bank, alleged that Citizens’ failure to implement up-to-date user authentication measures resulted in the theft of more than $26,000 from their home equity line of credit. The negligence claim was one of several claims brought against Citizens by the couple. Although the Judge dismissed several of the other claims, she allowed the negligence claim against Citizens to stand. She noted that the couple had shown that a “reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs’ account against fraudulent access.” The ruling highlights an issue that security analysts have been talking about for a long time: the need for companies to show due diligence in protecting customer data against malicious and accidental compromise. Security analysts have warned that companies that cannot prove they took adequate measures to protect data could find themselves exposed to legal liability after a data breach. Numerous lawsuits alleging such negligence have been filed against companies over the last two years. Most of those cases, however, involved payment card data breaches in which large numbers of accounts were compromised and in which victims want compensation. Courts typically sided with the breached entities in such lawsuits, and in many cases summarily dismissed the claims. The ruling shows that a “failure to implement the latest and greatest in data protection measures may be found to be a breach of expected standards of care,” warned a lawyer specializing in digital media law. Source:

Information Technology

35. September 3, The Register – (International) Snow Leopard forces silent Flash downgrade. Apple has bundled a vulnerable version of Flash with Snow Leopard. As a result, Mac users who upgrade their operating system will be left exposed to Adobe Flash-based attacks -- even if they had previously kept up to date with patches. The latest version of Flash Player for Mac is version Applying Snow Leopard loads up the older, vulnerable version of the software, irrespective of whatever version a user was previously running. Worse still, users receive no indication that the change has taken place, as illustrated in a video by net security firm Sophos. “Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission, and that they are now exposed to a raft of potential attacks and exploits which have been targeted on Adobe’s software in recent months,” writes a senior technology consultant at Sophos and a Mac user. “Software suppliers can only include the latest version of bundled applications at the time the software development cycle goes gold but the least that Apple should have done is checked the latest version of Flash installed before downgrading it. Doing this without notice is doubly bad,” he added. Source:

36. September 3, Washington Times – (National) Natural disaster could enable hackers. A new security assessment of the nation’s private-sector computer networks from the Department of Homeland Security says some of the most worrisome vulnerabilities reflect the open structure of the Internet itself. The assessment, produced jointly by the Department and private companies that own much of the country’s information-technology infrastructure, also says that a major natural disaster such as an earthquake or a pandemic could be a “force multiplier” for any cyber-attacker, because it likely would impede the ability of officials and IT specialists to respond. The concern is that “a malicious actor ... could wait for a natural disaster and then use it as a force multiplier for an attack,” said a security strategist at Seattle-based Microsoft Inc., to the Washington Times. The strategist, who helped produce the assessment, said the concern was not the damage such a disaster could do to the physical infrastructure. “The focus ... was more on the disruption of human resources and the ability to detect, respond to and recover from [a] cyber-incident during a natural event.” The assessment was the first-ever attempt to objectively assess risks to the nation’s critical IT networks, said a chairman of the Information Technology Sector Coordinating Council, one of the industry groups that worked with the Department of Homeland Security to produce the report. “These networks underlie everything we do,” said the chairman, who also is a vice president at the computer firm Juniper Networks. He noted that previous risk assessments for critical infrastructure had focused on the protection of physical assets such as cables and cell towers. Source:

37. September 2, Kaspersky Lab Security News Service – (International) New unpatched flaw surfaces in SQL server. There is an unpatched flaw in Microsoft SQL Server that could enable an attacker to access users’ passwords on the database server. The vulnerability is in SQL Server 2000, 2005 and 2008. The SQL Server vulnerability was discovered last fall by database-security vendor Sentrigo, which then reported the problem to Microsoft. But the software giant did not consider the problem serious enough to warrant a patch, Sentrigo officials said, so the weakness has remained unpatched for nearly a year. Sentrigo has released a free software tool that will address the problem, though it does not patch the vulnerability. The tool, called Passwordizer, erases the cleartext passwords from the database server. In a statement, Microsoft officials said the company is not planning to patch the flaw and does not see it as a problem that requires a security update. The flaw lies in the way that SQL Server handles user passwords. By looking at the process memory, an administrator can see other users’ passwords in cleartext. However, in order to see the process memory dump, a user would have to have administrator rights already, a condition that limits the severity of the bug. The flaw can be exploited remotely in SQL Server 2000 and 2005, but in SQL Server 2008 Microsoft made a change to make it more difficult for administrators to access the memory, so an attacker would need local access to the machine in that case. Source:

Communications Sector

38. September 3, Charleston Daily Mail – (West Virginia) Man accused of taking out Internet service in Elkview. A summons has been issued for an Elkview man accused of cutting a cable line and causing an Internet outage. A Suddenlink Communications supervisor contacted the Kanawha County Sheriff’s Department on August 31 to file a complaint against the suspect, 58, of Five Mile Fork Road. The supervisor told a deputy that he had been sent to the area to repair a cable line running across the suspect’s property after the suspect called Suddenlink and complained of a sagging line going across his yard, according to a complaint filed in Kanawha Magistrate Court. The supervisor was unable to fix the line and argued with the man before leaving the home, the complaint said. The supervisor said that when he went back to the man’s home the next day the sagging line had been cut and that the suspect told him that he would cut the line again if the supervisor put up another one, the complaint said. The supervisor said the suspect made comments that he would shut down the entire system. Not a half an hour later, Internet service in the area was down because of line damage, the complaint said. Source:

39. September 3, Agence France-Presse – (International) Millions in Australia lose international Internet link. Australia’s major Internet provider Telstra said it lost contact with the rest of the world on September 3 when its international gateway crashed, crippling its fixed, mobile and wireless connections. Millions of customers were for an hour unable to access internationally-hosted sites or local sites with international content, sparking mass frustration. “Because of an issue with our international gateway, it couldn’t find the domain names of websites, so that meant people couldn’t access the net if it was an international site or one with international content,” a Telstra spokesman told the AAP newswire. The connection was rebooted and the problem rectified within an hour, but many mobile phone and computer users vented their ire online. Source:

40. September 3, TG Daily – (National) U.S. Telcos call for lower broadband speeds. U.S. telcos have hit on an idea to provide universal broadband to every U.S. citizen; they are calling on the government to define broadband as anything over 768 Kbps downstream and 200 Kbps upstream. The submissions, from AT&T, Comcast, Verizon Communications, and Verizon Wireless, were filed with the Federal Communications Commission following a request for information. The FCC is under pressure from the U.S. Presidential Administration, which is seeking ways to extend broadband services to both unserved Americans living in rural areas and to make broadband affordable for those living in urban areas. In comparison to what the U.S. telcos want to provide, the top three countries are Japan with 92.8 Mbps, Korea with 80.8 Mbps, and France with 51 Mbps. AT&T insisted that the broadband definition must include ‘those services that Americans actually need, want and can afford’. It claimed that most Americans did not want voice over Internet Protocol (VoIP) or streaming video, which require faster speeds. Source: