Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, September 9, 2009

Complete DHS Daily Report for September 9, 2009

Daily Report

Top Stories

 CNN reports that the San Francisco-Oakland Bay Bridge reopened ahead of schedule early Tuesday after completion of repairs to a “significant crack” in the structure’s east span. About 280,000 vehicles cross the landmark bridge every day. (See item 15)

15. September 8, CNN – (California) Bay Bridge reopens ahead of schedule. Vehicles began streaming across the San Francisco-Oakland Bay Bridge early Tuesday — a day ahead of schedule — after the completion of repairs to a crack in the structure’s east span. Commuters began driving over the bridge around 6:40 a.m. Over the weekend, crews began repairing a “significant crack” that was found on the east span of the bridge during a planned closure for another project. The target time for reopening had been early Wednesday, but crews worked nonstop overnight to repair the eyebar beam. Some closures or detours near the bridge would remain in place a while longer, including those along northbound and southbound Interstate 880. About 280,000 vehicles cross the landmark bridge every day, according to the department. The Bay Bridge was closed last week as part of a seismic retrofitting project that required cutting out and replacing a double-deck portion of the east span. Source:

 The Birmingham News reports that Midfield and Birmingham, Alabama public safety teams and an FBI emergency response team inspected Midfield City Hall on September 4 after an assistant to the mayor began itching after opening a letter, which was addressed to the city hall and bore handwriting similar to another suspicious letter the city received in June. (See item 30)

30. September 5, Birmingham News – (Alabama) Firefighters leave Midfield City Hall after responding to suspicious letter scare. Sometime around 3:30 p.m. on Saturday, crews of Birmingham and Midfield firefighters ended their inspection of Midfield City Hall, where a suspicious letter arrived that morning. One firefighter said the employee, an assistant to the mayor, began itching after opening the letter, which she said was addressed to City Hall and bore handwriting similar to another suspicious letter the city received in June. The letter had a dried substance on the envelope. The employee was taken to UAB Hospital “just as a precaution.” The Department of Homeland Security, Federal Bureau of Investigation, and Secret Service were called after the first letter arrived. That letter contained “religious connotations” but was not threatening and was not directed to any one person, the firefighter said. Federal authorities were familiar with the suspected letter writer, because he had once threatened a President of the United States. The man has not been located, but relatives told investigators he has a history of mental illness, police said. Midfield and Birmingham public safety teams, including a hazardous materials unit, and an FBI emergency response team spent much of the day at the Midfield City Hall as a precaution. No arrests have been made. Source:


Banking and Finance Sector

11. September 7, IDG News Service – (International) European banks warned: Brace for rise in cash machine fraud. Banks are likely to see cash-machine fraud rise unless steps are taken to improve their cash-machine infrastructure, the European Network and Information Security Agency (ENISA) has warned. ENISA said banks are currently at a “delicate transition stage” whereby overlooking the risks to automated teller machines (ATMs) means losing ground in a critical fight that is important to every nation’s economic system. Generally speaking, once ATMs are installed, they are poorly managed and rarely updated, according to the report “ATM Crime”, released Monday. European banks in 22 countries lost a collective €485 million due to ATM fraud in 2008, according to figures released earlier this year from the European ATM Security Team (EAST), a nonprofit group composed of financial institutions and law enforcement. A total of 12,278 attacks were reported on ATMs, which represented a 149 percent increase over 2007, EAST said. The most common attack was “skimming,” or attaching equipment to an ATM that records a card’s magnetic stripe and then using surreptitious means to capture a person’s PIN (Personal Identification Number). Then, a blank ATM card can be programmed with those details and used for fraudulent transactions. Close to €400 million (US $695) of the fraud occurred outside the country where the card was issued. That is because around 90 percent of European banks now use chip-and-PIN cards, also known as EMV cards, where the ATM, as well as most point-of-sale devices, check to see if the card has a special microchip. But many machines in countries that do not use chip-and-PIN will not check for the chip and rely solely on the magnetic stripe and PIN to authorize the transaction. Source:

12. September 7, – (National) Doors close for five more community banks. The FDIC shut down five more institutions on Friday — in Iowa, Arizona, Missouri, and two in Illinois. These latest closings bring the total number of bank failures so far this year to 89. Vantus Bank in Sioux City, Iowa was the largest of the five institutions shuttered last week, with 15 branches, about $368 million in deposits, and total assets of $458 million. In its second FDIC-assisted acquisition this year, Great Southern Bank of Springfield, Missouri has agreed to take over Vantus’ operations and all deposits, and will purchase $387 million of the defunct bank’s assets, with the FDIC sharing losses on $338 million. First State Bank in Flagstaff, Arizona was shuttered by the Arizona Department of Financial Institutions on Friday. The FDIC brokered a deal with Sunwest Bank of Tustin, California to assume all of First State Bank’s $95 million in deposits and $105 million in assets. Sunwest had no presence in Arizona before agreeing to acquire First State Bank. The six branches of First State will reopen on Tuesday as branches of Sunwest. First Bank of Kansas City, in Missouri, was also closed by state regulators. Great American Bank of De Soto, Kansas, agreed to take over the failed institution’s operations — its sole branch in Kansas City, $15 million in deposits, and $16 million of assets. FDIC officials said First Bank’s closure is expected to cost the agency’s insurance fund $6 million. First Bank is the fourth institution in the Kansas City area to be closed this year. The Office of Thrift Supervision closed Platinum Community Bank in Rolling Meadows, Illinois. No acquiring institution was secured for the failed bank, so the FDIC approved a payout on insured deposits. The FDIC estimates the cost of the failure to its Deposit Insurance Fund to be approximately $114.3 million. In a separate transaction, MB Financial bought about $150 million of non-brokered deposits and $212 million in assets belonging to Oak Forest, Illinois-based InBank, which was also shut down by state regulators on Friday. InBank’s three branches have reopened as offices of MB Financial. The FDIC estimates that InBank’s failure will cost $66 million. Source:

Information Technology

41. September 7, Register – (International) Worm wiggles through weary WordPress. Hackers are exploiting older installations of WordPress to distribute blog comment spam and disguise links to malware-contaminated sites. The worm-based attack targets an older version of the popular blog publishing software. Although the worm attempts to hide its tracks, coding errors mean that links on a blog wind up getting broken following an attack, thus revealing something is wrong, as explained in a blog post by WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when a user looks at the users page, attempts to clean up after itself, then goes quiet so the user never notices while it inserts hidden spam and malware into the user’s old posts. The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it does not hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Bloggers are advised to update their software to the latest 2.8.4 version of WordPress. Applying an update might be a chore but it is far easier than fixing a hacked blog, as WordPress points out. Source:

42. September 4, Government Computer News – (National) DHS needs to plug some cybersecurity holes, audit finds. The Homeland Security Department should improve its cybersecurity programs for some major control systems, according to a new report from the DHS inspector general (IG). The control systems, which operate primarily in power plants, factories and utilities, are a vital part of the nation’s critical infrastructure. In recent years control systems increasingly have become networked and linked with other information technology systems including the Internet. As a result, the control systems are vulnerable to cyber threats, the IG said. DHS’ National Cyber Security Division (NCSD) has been coordinating public and private efforts for cybersecurity in control systems. It also conducts training. Although that division has made progress, there are still gaps in control system cybersecurity, according to the IG’s report published September 1. The IG said the division needs to do more to encourage information sharing between the public and private sectors on needs, threats and vulnerabilities that affect control systems; conduct more vulnerability assessments on control systems; deploy better performance measures; and initiate an expanded program for education, training and awareness. “While progress has been made, the [NCSD] still faces difficult challenges in effectively reducing the cybersecurity risks to the nation’s critical infrastructure,” he wrote. “Improvements are needed in NCSD’s effort to protect and secure control systems that are essential to the nation’s security and economy.” For example, more information sharing is needed, the report said. Some regulatory agencies expressed concern with the national cyber division’s leadership role and were dissatisfied with the amount of information that was being shared. The agencies complained that they were not informed of the results of cyber control system vulnerability assessments, the IG said. Source:

Communications Sector

Nothing to report.