Department of Homeland Security Daily Open Source Infrastructure Report

Friday, November 6, 2009


Top Stories

• According to WNYW 5 New York, hazardous materials crews responded to the Hillview Reservoir near Yonkers, New York on November 4 after a chlorine gas release at the reservoir, which supplies water to New York City. (See item 25)

25. November 4, WNYW 5 New York – (New York) Chlorine gas release in Yonkers. There was a chlorine gas release at a reservoir in Yonkers that supplies water to New York City. Hazardous materials crews responded to the Hillview Reservoir on Wednesday morning. The release apparently happened in a building that is next to the reservoir. Hillview Reservoir is next to the New York State Thruway in Southeast Yonkers. It appears that none of the chemical actually ended up in the water supply. Sources tell Fox 5 News that nearby residents were warned of a potential problem via Yonkers’ reverse 911 warning system but were not ordered to evacuate. Air outside the facility has been tested and reportedly does not pose a risk. It is unclear how much chlorine gas was released next to the 100-year-old reservoir. Source:

• WAPT 16 Jackson reported on November 5 that hundreds of fire hydrants in Jackson, Mississippi, have been deemed faulty, according to city records. (See item 31)

31. November 5, WAPT 16 Jackson – (Mississippi) Hundreds of Jackson fire hydrants deemed faulty. Hundreds of fire hydrants in Jackson, Mississippi, are deemed faulty, according to city records. In September, a local man’s home burned to the ground as neighbors watched. Although firefighters were at the scene, the two fire hydrants they plugged into could not produce enough water to fight the blaze. It is not the first time firefighters have found hydrants that were not working when they needed them. In October 2007, firefighters plugged into a faulty fire hydrant at the old Woodland Hills Baptist Academy and last year one house burned down in West Jackson. According to the city fire marshal, the Jackson Fire Department inspected 6,330 fire hydrants this year. They found that 288 hydrants were faulty. Public works crews fixed 28 hydrants and replaced eight others, leaving 252 hydrants still in need of repairs. The director of Public Works said his department is responsible for fixing problem hydrants but said those which are in need of repair are still capable of producing water. He said the faulty fire hydrants are spread out over Jackson and that the city is using GPS technology to get a better map of where all the hydrants are located. Source:


Banking and Finance Sector

14. November 5, – (National) Business: Feds Close San Diego National Bank. The Federal Deposit Insurance Corporation recently took over San Diego National Bank (SDNB)—all 28 branches—as well as eight other failed banks nationwide. The banks involved in the seizure were Bank USA, National Association (Phoenix); California National Bank (Los Angeles); San Diego National Bank; Pacific National Bank (San Francisco); Park National Bank (Chicago); Community Bank of Lemont (Lemont, Illinois); North Houston Bank; Madisonville State Bank (Madisonville, Texas); and Citizens National Bank (Teague, Texas). As of September 30, the banks had combined assets of $19.4 billion and deposits of $15.4 billion. Like other failed banks across the nation, SDNB’s problems were due largely to losses from investments with Fannie Mae and Freddie Mac. All the banks, including San Diego National Bank, have reopened as branches of U.S. Bank, a subsidiary of U.S. Bancorp, headquartered in Minneapolis. Depositors of San Diego National Bank automatically became depositors of U.S. Bank, said a spokesperson for U.S. Bank. Source:

15. November 4, Grand Junction Sentinel – (Colorado) Man threatens Fruita bank with bomb. Fruita, Colorado, authorities are looking for a man who robbed a bank Wednesday after threatening to detonate a bomb. The Fruita Police Chief said the suspect walked into a branch of U.S. Bank and verbally demanded money from bank employees, claiming he had a remote-control bomb outside the bank. The man was given an undisclosed amount of cash. He fled the bank on foot along the Interstate 70 frontage road, according to the chief. Source:

Information Technology

35. November 5, IDG News Services – (International) Scramble on to fix flaw in SSL security protocol. Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet. The flaw lies in the SSL protocol, best known as the technology used for secure browsing on Web sites beginning with HTTPS, and lets attackers intercept secure SSL (Secure Sockets Layer) communications between computers using what’s known as a man-in-the-middle attack. Although the flaw can only be exploited under certain circumstances, it could be used to hack into servers in shared hosting environments, mail servers, databases, and many other secure applications, according to a security researcher who has studied the issue. Further complicating matters is the fact that the bug was inadvertently disclosed on an obscure mailing list on November 4, forcing vendors into a mad scramble to patch their products. The issue was discovered in August by researchers at PhoneFactor, a mobile-phone security company. They had been working for the past two months with a consortium of technology vendors called the ICASI (Industry Consortium for Advancement of Security on the Internet) to coordinate an industry-wide fix for the problem, dubbed “Project Mogul.” But their plans were thrown into disarray on November 4 when an SAP engineer stumbled across the bug on his own. Apparently unaware of the seriousness of the issue, he posted his observations on the issue to an IETF (Internet Engineering Task Force) discussion list. It was then publicized by a security researcher. By the afternoon of November 5, enough people were talking about the issue that PhoneFactor decided to go public with their findings. Source:

36. November 5, IDG News Services – (International) EU breaks deadlock in debate over right to Internet access. After months of often bitter debate, European Union lawmakers reached agreement on how to preserve citizens’ rights to Internet access in a meeting that ended in the early hours of November 5. The issue, which pits citizens’ civil liberties against the rights of content owners such as record and movie companies to protect creative works on the Internet, has blocked the passage of a wide range of laws collectively dubbed the telecoms package. Although the compromise reached by representatives of the European Parliament, the 27 national governments and the European Commission has still to be confirmed, it is seen as a watershed moment for the proposed laws, which aim to enhance competition among telecoms providers and to adapt users’ rights to better suit the Internet age. The text of the telecoms package now contains a new Internet freedom provision that states that access to the Internet is a human right of every E.U. citizen, and that if authorities take away that right people must have the opportunity to defend themselves; citizens also have an automatic right to mount a legal challenge. However, the text does not demand that authorities in the 27 countries of the E.U. obtain a court order before cutting off someone’s Internet connection, as the European Parliament demanded when it last voted on the issue in early summer. The issue is very sensitive, and not just in Europe, where a number of countries including France and the U.K. are passing laws threatening to sever users’ Internet connections if they are found to have breached the copyright on music or movies. The subject is under discussion at a gathering in South Korea this week. The U.S. is trying to garner support from other countries for a treaty that would force Internet service providers to take action against subscribers to their networks involved in illegal file sharing. The so-called Anti-Counterfeiting Trade Agreement (ACTA) has attracted condemnation from many law experts and civil liberties activists because of the secretive way it is being drafted, and for the dramatic changes it would impose on the way people engage with the Internet. Source:

37. November 5, The Register – (Ohio; Indiana) Men allegedly broke into computers of former employer. Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer. The suspects, a 45-year-old from Jasper, Indiana, and a 39-year-old from Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation until taking jobs with a competing company in Ohio, according to an indictment filed in federal court. On at least 12 occasions, they used old passwords to access their former employer’s computer and access proprietary information, prosecutors allege. Although the men left their jobs in 2004 and early 2005, they were able to use the outdated passwords successfully as late as September of 2006. On at least two occasions, administrators at Stens grew suspicious and terminated old passwords. The men simply tried different login credentials - and succeeded several times. Source:

38. November 5, eWeek – (International) Botnets tighten defenses year after McColo shutdown. In the year since the shutdown of notorious Web hosting firm McColo, spammers are growing strong. In fact, researchers at McAfee reported that spam accounted for 92 percent of e-mail in the second quarter of 2009. Part of this is the result of improvements by botnet operators. Like anyone who is successful at what they do, the people controlling the most powerful botnets in cyber-space learn from their mistakes. “McColo affected a couple of main botnets seriously, notably Srizbi which has never recovered and Rustock which took an immediate hit before recovering over time,” explained the vice president of technical strategy at M86 Security. “One of the immediate changes was the use of hard coded domains in the malware body instead of IP addresses. Before, domains could be changed to different IP addresses to provide a recovery option on their command and control methods.” “In general,” he continued, “they have improved the availability and resilience of their command and control servers and in some ways the McColo take down has driven them more underground and forced them to use more different methods, making it harder to detect. Some examples that have already been seen have been the use of Twitter, Google Groups and Facebook.” Source:

39. November 4, The Register – (International) Google opens up OAuth to tackle password chores. Google has opened up a technology designed to cut back on the number of passwords users need to access multiple websites to web developers, effectively moving the technology into the mainstream after a restricted beta lasting almost a year. Plaxo, Facebook and Yahoo! signed up to support so-called “hybrid onboarding” technology that combines OpenID log-ins with OAuth data swapping at various times since the start of 2009. Support of the technology means that rather than creating a Plaxo account from scratch, for example, Gmail users can log into their webmail account to authorize the export of profile and contacts data over to Plaxo. Much the same process occurs in responding to requests to establish a Facebook profile sent to a Yahoo! webmail account since late September. The technology is designed to make the sign-up process less of a chore for users while helping to cut down on the need to maintain numerous passwords for multiple sites. On November 3 Google released its login flow designs to the general population of website operators, explaining “all of these hybrid onboarding techniques are based on industry standards that both Google and Yahoo! support, and that other email providers are beginning to support as well”. Source:

40. November 4, PC World – (International) Java patch closes security holes. A new Update 17 version for JRE and JDK closes some major risks, including “arbitrary code execution,” according to US-CERT. Sun’s new software versions, released yesterday, also address privilege escalation, denial of service, and information disclosure vulnerabilities, according to US-CERT’s post. Unless a user turned it off, Java will check for updates automatically, but will only do so once a month (on a day that varies per installation). Source:

Communications Sector

41. November 5, Ogle County News – (Illinois) Fiber optic cut results in phone service disruptions. Phone service to Ogle County customers was disrupted Tuesday morning when a contractor cut a fiber optics line east of Oregon. The Ogle County Sheriff said a contractor digging along Ill. 64 about two miles east of Oregon cut the Verizon line shortly before noon. A contingency plan went into effect after service, including 911, was disrupted to the Polo, Leaf River, and Grand Detour exchanges, he said. “Verizon repair crews are at the location of the fiber cut,” he said just before 3 p.m. Tuesday. Source:

42. November 4, Honolulu Advertiser – (Hawaii) AT&T says service disrupted to some Honolulu wireless customers. AT&T said some of its wireless customers in Honolulu were experiencing an interruption of service Wednesday due to “an equipment issue.” “AT&T technicians are currently working to resolve the issue, and we will provide more information as it becomes available,” a company spokesman said in an e-mail. “We apologize for any inconvenience to our customers,” the spokesman said. Source: