Department of Homeland Security Daily Open Source Infrastructure Report

Friday, September 25, 2009

Complete DHS Daily Report for September 25, 2009

Daily Report

Top Stories

 MSNBC reports that the makers of Tylenol have recalled more than 20 types of children’s and infant’s medications as a precaution against possible bacterial contamination. The recalled products were made between April and June 2008. (See item 21)

21. September 24, MSNBC – (National) Tylenol recalls some children’s medications. The makers of Tylenol have recalled more than 20 types of children’s and infant’s medications as a precaution against possible contamination. The liquid products were being voluntarily pulled from stores and warehouses because bacteria were detected in one of the inactive ingredients, the company said. The ingredient with the bacteria was not used in packaged Tylenol products sold in stores, but was manufactured at the same time. The company did not announce whether any children had been sickened by the medicines. The recalled products include: Children’s Tylenol Cold MS Suspension 4 oz. Grape, Children’s Tylenol Plus Cough & Runny Nose 4 oz. Cherry, and Infant’s Tylenol Suspension Drop 1 oz. Grape. The recalled products were made between April and June 2008. The recall involves only liquid Tylenol products. Source:

 According to the Associated Press, a U.S. Census worker found hanged from a tree in a remote patch of the Daniel Boone National Forest in rural southeast Kentucky had the word “fed” scrawled on his chest, a law enforcement official said Wednesday. The FBI is investigating whether he was a victim of anti-government sentiment. (See item 25)

25. September 23, Associated Press – (Kentucky) Census worker hanged with ‘fed’ on body. A U.S. Census worker found hanged from a tree near a Kentucky cemetery had the word “fed” scrawled on his chest, a law enforcement official said Wednesday. The FBI is investigating whether he was a victim of anti-government sentiment. A law enforcement official, who was not authorized to discuss the case and requested anonymity, did not say what type of instrument was used to write the word on the chest of the victim, a 51-year-old part-time Census field worker and teacher. He was found September 12 in a remote patch of the Daniel Boone National Forest in rural southeast Kentucky. The Census has suspended door-to-door interviews in rural Clay County, where the body was found, pending the outcome of the investigation. An autopsy report is pending. An FBI spokesman said the bureau is assisting state police and declined to confirm or discuss any details about the crime scene. Attacking a federal worker during or because of his federal job is a federal crime. Source:


Banking and Finance Sector

10. September 24, Bloomberg – (International) Seized U.S. bonds for $116 billion are fake, prosecutor says. U.S. Treasury bonds with a face value of $116 billion seized in Italy in August are fake and were destined for U.S. investors, according to the prosecutor running the probe. The phony U.S. securities were sent to Italy from the Philippines and confiscated on August 19 at Milan’s Malpensa airport, the Italian prosecutor said in an interview Thursday. In June, police seized $134 billion of fake U.S. securities at the border with Switzerland. Prosecutors do not have evidence to link the two batches of bonds, both dated from 1934 and of $500 million denominations, he said. A woman from the Philippines, who was to receive the bonds taken in August, and the sender, her brother, who later traveled to Italy, were arrested by local police, the prosecutor said. The man remains in custody, he added. The U.S. Secret Service assisted in analyzing the bonds to determine whether they are counterfeit. Had the notes been genuine, the pair would have been the U.S. government’s sixth-biggest creditor, behind Russia, which is owed $118 billion. Source:

Information Technology

31. September 24, The Register – (International) Phishing worm spreads across Twitter. A worm linked to a new phishing scam is spreading via messages on Twitter. Already compromised accounts are sending direct messages to users including a link to a video clip, like this: “rofl this you on here?” Users who follow the link are invited to submit their login credentials via a counterfeit Twitter login page. In the process they surrender control of their micro-blogging account to hackers, who use the access to send out a fresh round of phishing lures. This is far from the first time miscreants have launched a phishing attack that targets Twitter users. Previous assaults along the same lines claimed to link to a “funny picture” of the victim. As with the latest attack, the phishing lures came in direct messages from someone an intended mark was likely to know. Source:

32. September 23, IDG News Service – (International) Drudge, other sites flooded with malicious ads. Criminals flooded several online ad networks with malicious advertisements over the weekend, causing popular Web sites such as the Drudge Report, and to inadvertently attack their readers, a security company said Wednesday. The trouble started on Saturday, when the criminals somehow placed the malicious ads on networks managed by Google’s DoubleClick, as well as two others: YieldManager and ValueClick’s Fastclick network, according to a senior security researcher with ScanSafe. The attack comes just a week after the New York Times Web site was tricked into displaying a deceptive ‘scareware’ advertisement for fake antivirus software from scammers pretending to be ad buyers with Vonage, an Internet telephony company. Instead of trying to trick Web surfers into buying bogus software, these ads attacked. They would pop up a nearly invisible window in the victim’s browser that contained a maliciously encoded pdf document, which included attack code that placed a variant of the Win32/Alureon Trojan horse program on the victim’s computer. Sometimes, the ads would also try to exploit a previously patched flaw in Microsoft’s DirectShow software. Source:

33. September 23, IDG News Service – (International) Cisco patches a dozen router bugs. Cisco Systems has released its twice-yearly set of security patches for its router firmware, fixing 12 security flaws in the products. Cisco describes the bugs in 11 security advisories, released Wednesday, saying that they affect routers and switches that use the Cisco Unified Communications Manager, as well as a variety of services in the devices’ underlying Cisco IOS operating system. “Exploits of the individual vulnerabilities could result in two different impacts, a breach in confidentiality or a denial of service,” Cisco said in a note describing the updates, posted to its Web site on Wednesday. Cisco is patching so many bugs at once because, like other major technology vendors, it now releases its security updates on pre-set days. This makes it easier for IT staff to plan its patching. Cisco’s updates come on the fourth Wednesday of March and September each year, meaning that the next IOS patches are due March 24, 2010. Source:

34. September 23, eWeek – (National) House panel approves cyber-security R and D bill. A U.S. House subcommittee September 23 approved legislation requiring federal agencies to develop, update and implement strategic plans for cyber-security R&D. The Cybersecurity Research and Development Amendments Act of 2009 calls for agencies to create a road map detailing each agency’s cyber-security role and the level of funding required to fulfill the research objectives. In addition, the bill would require the NSF (National Science Foundation) to support research on the social and behavioral aspects of cyber-security. The legislation now moves to the full Committee on Science and Technology. The subcommittee has held three hearings to examine the state of federal cyber-security, including areas where progress is needed, the need for a more coordinated and prioritized research portfolio, better partnerships between the private sector and government and training for the IT work force. Source:

Communications Sector

35. September 24, Contra Costa Times – (California) Fire at Walnut Creek Comcast building deemed suspicious. A single-alarm fire that damaged a Comcast services building early Thursday morning is being investigated as a possible arson, the Contra Costa Fire District said. Firefighters were called to the company’s network services building near Arroyo Way and North Broadway about 3:45 a.m. and found the front of the building heavily engulfed, said the battalion chief. The fire was extinguished within 15 minutes, but not before causing hundreds of thousands of dollars in damage to the building and computer equipment, he added. The company said that nearly 40,000 local Comcast customers experienced interruptions to their cable and Internet service after the fire broke out, but have since had their service restored. No one was inside the building when the fire was reported and no firefighters were injured. He said the fire was suspicious but declined to speak further, saying an investigation is underway. Source:

36. September 24, Texarkana Gazette – (Arkansas) Water damages cables. About 1,500 Arkansas Windstream Telecommunications customers are without service following storms late Monday and early Tuesday. A company spokesman said a 700-foot stretch of underground telephone cable at East Ninth and Broad streets sustained water damage and must be replaced. The cable contains more than 2,000 cable pairs of wire that provide voice and broadband services to customers. Source: