Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, September 29, 2009

Top Stories

According to the Houston Chronicle, a 2-mile stretch of the Houston Ship Channel remains closed indefinitely to ship traffic as crews work to remove 10,500 gallons of fuel oil from the water after a ship collided with a barge on Friday. (See item 1)

1. September 28, Houston Chronicle – (Texas) Ship Channel stretch could reopen this week. A 2-mile stretch of the Houston Ship Channel remains closed indefinitely to ship traffic Monday as crews work to remove thousands of gallons of fuel oil from the water. Although the cleanup could take as long as three weeks, Coast Guard officials are hopeful that the channel could reopen this week. The channel is closed to all vessel traffic north of the Sidney Sherman Bridge over East Loop 610. The spill is contained, but it is unclear how long it will take to clean up the 10,500 gallons of fuel oil that flowed into the water after a ship collided with a barge Friday in the channel’s northernmost area. As of Monday morning, crews had recovered 4,280 gallons. About 10 vessels — four inbound and six outbound — are blocked from moving as the cleanup progresses. Officials are trying to determine how to get the vessels — ships, tugs, and barges — moving without disturbing the cleanup. The oil is in the channel’s last few miles, which is much less traveled than other areas. “Right now we don’t have a major problem and don’t have major impact on port operations,” a chief petty officer said. The spill happened when a 458-foot vessel, owned by W.O. Ship Management based in the Marshall Islands, was trying to turn around near Brady’s Island around 9 p.m. Friday and struck Buffalo Barge No. 251. One of the vessel’s fuel tanks was damaged, and heavy fuel oil leaked for more than four hours out of a 2-foot-by-4-foot gash that was about 5 feet above the water line. The vessel’s owner has taken responsibility for the spill and will pay for the cleanup. At least 130 people are working on the cleanup. Source:

The Kentucky Enquirer reports that the Army Corps of Engineers used sonar equipment on Monday to locate a lock gate that fell into the Ohio River at the Markland Locks and Dam near Warsaw, Kentucky, following what officials called a catastrophic equipment malfunction on Sunday. (See item 43)

43. September 27, Kentucky Enquirer – (Kentucky) River traffic resumes after lock damaged. The Army Corps of Engineers will use sonar equipment on Monday to locate a lock gate that fell into the Ohio River at the Markland Locks following what officials called a catastrophic equipment malfunction on Sunday. The Markland Locks and Dam stretches across the river from Gallatin County in Kentucky to Switzerland County in Indiana, northeast of Louisville. River traffic was halted through the 1,200-foot main chamber after the 8 a.m. incident, a Corps of Engineers spokesman said. Engineers later in the day opened a 600-foot auxiliary chamber. “I have not seen anything like this or remember anything like this in 24 years,” he said. River traffic was flowing slowly again by early Sunday evening. It was not known when the locks would again be in full operation. The Markland Locks pass 55 million tons of commodities each year. According to the Waterways Council Inc., the principal commodity moving through the locks is coal that fuels power plants along the Ohio River. The Army Corps of Engineers has given the locks a performance rating of D because of a risk of failure due to the unreliability of miter gates. According to a February 2008 report by the Waterways Council Inc., the locks are drained annually instead of every five years to inspect and repair gates because of the high risk of failure. “The risk is very high that a failure of the lock gates will occur, forcing traffic through the auxiliary lock for an extended period, causing huge delays and costs to the towing industry,” the report said. Source:


Banking and Finance Sector

15. September 28, CNN – (Georgia) Georgia bank is 95th to fail this year. Atlanta-based Georgian Bank was closed by state regulators on September 25, according to the Federal Deposit Insurance Corporation, becoming the 95th to fail in the nation this year. Customers of Georgian Bank are protected. The FDIC, which has insured bank deposits since the Great Depression, currently covers customer accounts up to $250,000. First Citizens Bank and Trust Company, Inc., of Columbia, South Carolina, agreed to assume all of Georgian’s $2 billion deposits and will purchase “essentially all” of its $2 billion in assets, the FDIC said. The five branches of Georgian Bank will reopen on September 28 as branches of First Citizens Bank. “We view this transaction as a unique opportunity based on current developments in our industry,” said the president and chief operating officer for First Citizens, in a statement. The acquisition is part of First Citizens’ “expansion strategy” in South Carolina and Georgia, he added. The 95 banks that have failed so far this year, an average of more than 10 per month, is nearly four times the number of banks that failed in 2008. It’s the highest tally since 1992, when 181 banks failed. Source:

16. September 27, USA Today – (National) FDIC chief wants overdraft fees restricted. The head of the Federal Deposit Insurance Corp. (FDIC) is calling for tight restrictions on fees charged for overdrawn checking accounts. In the past week, some of the nation’s largest banks have announced plans to change the way they assess overdraft fees. The Federal Reserve has said it plans to release a rule by the end of the year on overdrafts. But it is unclear whether, and to what extent, it will require banks to curtail overdraft practices. Some analysts say that onerous restrictions could also make it harder for the troubled industry to recover. Overdraft fee income has been a huge source of profits for banks. In 2009, banks are expected to reap a record $38.5 billion from overdraft fees, nearly twice the $20.5 billion they stand to collect from credit card penalties such as late and over-limit fees, according to research firms Moebs Services and R.K. Hammer. Source:

17. September 27, Reuters – (New York) Madoff sons, brother, niece to be sued: report. An epic swindler’s two sons, his brother and a niece will be sued this week for $198 million, the trustee winding down the Madoff firm told CBS News’ “60 Minutes” broadcast on September 27. The sons, brother and niece all held executive positions with the firm and should have known about the multibillion-dollar, worldwide 20-year-long Ponzi scheme, the trustee and his chief counsel told the program. Wall Street’s biggest investment fraud, a Ponzi scheme in which early investors are paid with the money of new clients, collapsed in the declining economy in December 2008. The mastermind confessed to the fraud of as much as $64.8 billion and is serving a 150-year prison sentence. Asked by “60 Minutes” whether investigators were working under the assumption that there was money still hidden, the chief counsel said: “Yes, we are” and the trustee said, “We’d assume it’s millions and millions of dollars.” The chief counsel told “60 Minutes” he estimated about $36 billion went into the whole scheme. “About $18 (billion) of it went out before the collapse. And $18 (billion) of it is just missing. And that $18 billion is what we’re trying to get back.” The New York lawyers said the latest lawsuit to recover money for defrauded investors under the Securities Investor Protection Act would accuse the family members of negligence and breach of fiduciary duty. The lawsuits to be filed in U.S. bankruptcy court in New York would also accuse them of profiting personally in the tens of millions of dollars while working at the firm. Source:

Information Technology

35. September 28, The Register – (International) Reddit swiftly squishes XSS worm. Popular social news website Reddit has stopped the spread of a cross-site scripting (XSS) worm that hit the site on Monday. The XSS worm spread via comments on the site, originally from the account of a user called xssfinder. Reddit failed to filter out JavaScript in some cases, specifically when a user hovered his or her mouse over a link, a factor the miscreants behind xssfinder’s account exploited to run a proof of concept attack. In an apparent test attack, xssfinder posted a comment linked to malicious scripts on a thread called “Guy on a bike in New York ‘high fives’ people hailing cabs.” Users reading the comment ended up sending massive amounts of spam comments onto other Reddit threads. Reddit administrators moved in promptly to close the vulnerability and restore order before things got out of hand. Throughout the confusion the site was never down. Xssfinder’s account was deleted soon after the attack began, reports Finnish web security firm F-Secure. Source:

36. September 28, The Register – (International) Phishing fraud hits two year high. Phishing attacks reached a record high during the second quarter of 2009, with 151,000 unique attacks, according to a study by brand reputation firm MarkMonitor. Brands in the financial and payment services sectors continue to be the favourite targets for fraudulent emails that attempt to trick users into handing over their login credentials. They were the subject of four in five (80 per cent) of all phish attacks in Q2 2009. Elsewhere, attacks targeting the login credentials of social networking websites more than doubled between Q2 2008 and Q2 2009, increasing 168 per cent over the course of 12 months. An analysis of the millions of URLs in fraudulent emails by MarkMonitor identified a shift in the phishing techniques used by fraudsters, with 351 attacks per organisation, on average, in Q2 2009. The US hosted half (50 per cent) of the sites associated with phishing attacks during Q2 2009. MarkMonitor believes phishing attacks are at a two-year high, contrary to some reports that suggest fraudulent email attacks are on the decline. Source:

37. September 25, ComputerWorld – (International) Hackers pay 43 cents per hijacked Mac. A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they infected with bogus video software, a sign that Macs have become attack targets, a security researcher said on September 24. In a presentation on September 24 at the Virus Bulletin 2009 security conference in Geneva, Switzerland, a Sophos researcher discussed his investigation of the Russian “Partnerka,” a tangled collection of Web affiliates who rake in hundreds of thousands of dollars from spam and malware, most of the former related to phony drug sites, and much of the latter targeting Windows users with fake security software, or “scareware.” But the researcher also said he had uncovered affiliates, which he dubbed “codec-partnerka,” that aim for Macs. “Mac users are not immune to the scareware threat,” said the researcher in the research paper he released at the conference to accompany his presentation. “In fact, there are ‘codec-partnerka’ dedicated to the sale and promotion of fake Mac software.” One example, which has since gone offline, was, said the researcher. “Just a few months ago it was offering [43 cents] for each install and offered various promo materials in the form of Mac OS ‘video players,’” he said. Another Sophos researcher argued that the researcher’s evidence shows Mac users, who often dismiss security as a problem only for people running Microsoft’s Windows, are increasingly at risk on the Web. Source:

Communications Sector

38. September 28, Mobile Burn – (National) AT&T asks FCC to investigate Google Voice. AT&T is urging the Federal Communications Commission to review the Google Voice call-forwarding system because it blocks outgoing calls to some phone numbers, the Wall Street Journal reports. The network carrier also called into question Google’s net neutrality double standard, its “noisome trumpeting” of the policy while it simultaneously limits traffic through Google Voice. The service prohibits users from calling adult lines and conference-call centers to keep costs down, Google says. Google responded to the letter on its policy blog, stating that the web-based software is not subject to common carrier laws and that users still need a traditional phone service to use Voice. Lastly, Google says AT&T’s net neutrality comparison “doesn’t fly,” since the FCC open Internet principles regulate broadband carriers, not software creators. The FCC is reviewing the letter but has not commented on whether or not it will investigate the situation. Source: