Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, September 10, 2009

Top Stories

 BBC News reports that an AeroMexico passenger plane flying from the Mexican resort of Cancun was hijacked and flown to Mexico City on Wednesday. Mexican news Web sites earlier reported that three men had threatened to blow up the plane, carrying 104 passengers, unless they were allowed to speak to Mexico’s president. (See item 15)

15. September 9, BBC News – (International) Hijacked jet lands in Mexico City. A passenger plane flying from the Mexican resort of Cancun has been hijacked and flown to Mexico City, officials say. Mexico’s Transport Minister told Mexican radio the jet had landed safely at Mexico City’s international airport. Local media reported seeing passengers leaving the plane and boarding buses. Mexican news websites earlier reported that three men had threatened to blow the plane up unless they were allowed to speak to Mexico’s president. Mexican media report that the hijackers are three Bolivian citizens. The reports could not be confirmed. TV Azteca said that the AeroMexico aircraft was parked at the end of the runway and that passengers were seen disembarking, although how many of the 104 remained on board was not clear. The report said those leaving were carrying hand luggage and appeared calm. Witnesses said that military personnel were at the airport. Source:

 According to the Salt Lake City Deseret News, a motorized parachute crashed into a crowd at a festival in Hooper, Utah on Monday, injuring at least six people. National Transportation Safety Board investigators are unsure whether the unregistered craft should have been registered, based on its specifications. (See item 38)

38. September 8, Salt Lake City Deseret News – (Utah) Sheriff’s investigation into Hooper crash complete. Weber County sheriff’s investigators have finished their probe of a powered-parachute crash that injured at least six people, some of them children, during Hooper Tomato Days celebrations Monday. The two girls, ages 3 and 5, who were flown to the hospital Monday for their injuries, have now been released. “The sheriff’s office will not be taking any criminal action against the pilot of the craft, but the case has been referred to the Federal Aviation Administration (FAA) for their consideration,” the Weber County sheriff’s captain said Tuesday. “We do not know what actions, if any, the FAA will take against the pilot.” The FAA is working with investigators from the National Transportation Safety Board to determine the cause of the crash. The pilot told authorities his aircraft suddenly lost lift as he crossed over power lines on the perimeter of the festival grounds, said an NTSB aviation-accident investigator. The pilot of the craft and his son had been scheduled to fly over the crowd of families on Monday to drop candy and gifts to festival-goers. Instead — possibly due to wind gusts — the aircraft lost altitude suddenly and crashed into the crowd. The powered parachute — also called an ultra-plane — resembles a go-cart with a large rotor fan attached to the back and a parachute on top. Investigators are unsure whether the unregistered craft should have been registered, based on its specifications. “We’re still trying to determine what regulations the operation fell under,” said the NTSB aviation-accident investigator. Source:


Banking and Finance Sector

14. September 9, New York Times – (New York) Man accused of running Ponzi scheme in Brooklyn. A Brooklyn money manager was arrested on Tuesday and charged with swindling hundreds of investors, including many retirees, out of $40 million in what prosecutors called a “classic Ponzi scheme” dating to the 1970s. Officials said the money manager put some of the money into real estate investments that did not pan out and some into a pornography business. The money manager ran a group of small companies, known collectively as the Leverage Group, out of a small storefront office in Bay Ridge, where he grew up and where he still lives, and earned the trust of investors through his local ties and unassuming nature, his clients told investigators. He eventually collected the $40 million from 800 investors by promising consistent returns of 12 percent or higher from stock options, according to the criminal complaint. The money manager generated quarterly statements detailing fictitious trades and account balances, and promised investors they could withdraw money from their accounts whenever they chose, the complaint said. The money manager eventually stopped investing in stock options and used the funds to buy property in Sullivan County and to run a mail-order pornography business, the authorities said, and he used new investments to pay those who wanted to withdraw funds from their accounts. It was unknown whether the pornography business turned a profit. If convicted, the suspect faces a maximum sentence of 20 years. Source:

Information Technology

34. September 9, Computerworld – (International) Microsoft confirms critical unpatched Vista, Windows 7 RC bug. Microsoft late on September 8 confirmed that a bug in Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2 could be used to hijack PCs. The vulnerability in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows, was first disclosed late Monday, when a researcher posted exploit code he claimed crashed Windows Vista and Windows 7 systems, causing the dreaded “Blue Screen of Death.” Later, several researchers, including a senior security engineer of nCircle Network Security, vouched that tests showed the attack code crashed machines running Vista, Server 2008 and the Windows 7 and Server 2008 R2 release candidates, but not the final, or RTM, versions of the latter two. Also on September 8, another researcher said on the Bugtraq mailing list that the vulnerability was not only a denial-of-service flaw, but also allowed remote code execution, security-speak for a bug that could be used to hijack a machine. In a security advisory issued around 9 p.m. ET Tuesday, Microsoft corroborated both researchers’ findings. “An attacker who successfully exploited this vulnerability could take complete control of an affected system,” Microsoft’s advisory said. “Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart.” Microsoft also noted that while the release candidates of Windows 7 and Windows Server 2008 R2 are vulnerable, the RTM, or release to manufacturing, editions are not. The RTM versions of Windows 7 and Windows Server 2008 R2 are the ones that were handed over to computer makers in late July, and issued to volume license customers, and some developers and IT professionals in early August. The release candidates, on the other hand, have been widely distributed, with millions of users downloading Windows 7 RC during the three and a half months it was available to the public. Source:

35. September 8, The Register – (California) Website exposes sensitive details on military personnel. Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation. The bugs, discovered last month on, allow hackers access to a variety of personal information, including individuals’ names, home addresses, phone numbers, the times they commute to and from work, and in some cases employee numbers. The SQL injection vulnerability remained active at time of writing, more than two weeks after it was reported to a developer who runs the website. “There’s sensitive data there that definitely shouldn’t be on the internet,” said a security researcher who identified the vulnerability after receiving an email from his employer saying he was required by law to provide the information. “The reason I am bringing this to your attention is that the issue is not being fixed by the admins and most companies don’t even know that their employees’ personal and corporate information, like employee ID [number and] login ID, may have been compromised.” The form the developer was required to complete asked for a wealth of personal information, including his typical work hours, the times he begins work on each workday, and his employee ID. “The state can impose monetary penalties on companies that fail to complete this survey,” an email sent by the researcher’s employer warned. The website is a joint project developed by transit authorities in five regional governments in Southern California. A spokesman for the Riverside County Transportation Commission, one of the agencies responsible for the website, said administrators are working to fix the problem with the help of Trapeze Group, an Ontario, Canada-based company that designed the carpool software. A Trapeze spokeswoman said on Tuesday that she was unaware of any security bugs in the software but promised the company would fix any that are brought to its attention. Source:

36. September 8, AfterDawn – (International) Windows flaw spells BSOD risk to newer operating systems. Concept code has been published that takes advantage of an unpatched vulnerability in Microsoft’s implementation of Server Message Block (SMB), which is a protocol used in File and Printer sharing over a network. Microsoft’s Windows Vista, Windows Server 2008 and Windows 7 are all currently affected by the unpatched vulnerability, while Windows 2000 and Windows XP are not affected by it at all. The concept exploit uses the flaw to force a Windows machine into the infamous Blue Screen of Death (BSOD). According to security researchers at the Internet Storm Center (ISC), the problem is defeated by using basic firewall protection. “The exploit needs no authentication, only file sharing enabled with one packet to create a BSOD,” ISC researchers warn. “We recommend filtering access to port TCP 445 with a firewall.” Microsoft issued a number of security updates during the day to address some serious vulnerabilities in the Windows operating systems. The SRV2.SYS (SMB) file vulnerability that can cause a BSOD was not included, likely due to the timing of the exploit code’s release, but Microsoft did reveal that it is investigating the issue. Source:

Communications Sector

37. September 8, Wall Street Journal – (National) FCC considers collecting outage data from Internet firms. The Federal Communications Commission could seek expanded authority from Congress to obtain network outage information from cable companies and other Internet service providers during emergencies, an FCC official said on September 9. “As our networks, in essence, have merged, we have to think about [more Congressional authority] if our mission really is to ensure communications,” said the FCC public safety and homeland security bureau chief. “This is one thing we’ll be examining — exactly how do we ensure communications over the Internet,” he said. First responders, particularly hospitals, are increasingly dependent on Internet connections for a variety of their functions. The FCC currently has the authority to monitor the resiliency of landline and cellular Internet networks such as those provided by AT&T Inc. and Verizon Communications Inc. But the FCC has less flexibility to regulate Internet services offered by “information services” such as cable. The bureau chief spoke at a news conference unveiling a new FCC report on the agency’s emergency readiness. Source: