Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, November 17, 2009

Complete DHS Daily Report for November 17, 2009

Daily Report

Top Stories

 The Associated Press reports that a late-night explosion shook an electric arc furnace at the Beta Steel Corp.’s northern Indiana hot-strip rolling mill, blowing out the side of the furnace and injured eight workers, six of whom required medical care. (See item 11)

11. November 15, Associated Press – (Indiana) 8 injured in explosion at Beta Steel mill in Ind. A late-night explosion that shook Beta Steel Corp.’s northern Indiana hot-strip rolling mill injured eight workers, six of whom required medical care. The Portage Fire Chief said on November 15 that two of the six workers hospitalized after Saturday night’s blast suffered the worst injuries. He did not know the names or conditions of the workers but said none of them had life-threatening injuries. Their injuries ranged from burns to back injuries. Two of the workers shaken by the blast declined medical treatment. He says an explosion shook an electric arc furnace at the mill about 10:20 p.m. Saturday, blowing out the side of the furnace. Fire crews put out spot fires in a few minutes. Beta Steel produces hot-rolled coil for steel service centers and tube and pipe manufacturers. Source:,0,7736953.story

 According to the Associated Press, federal health regulators have found tiny particles of trash, including bits of steel, rubber and fiber, in drugs made by Genzyme, the second time this year the biotechnology company has been cited for contamination issues. (See item 32)

32. November 13, Associated Press – (Massachusetts) FDA finds bits of steel, rubber in Genzyme drugs. Federal health regulators have found tiny particles of trash in drugs made by Genzyme, the second time this year the biotechnology company has been cited for contamination issues. The U.S. Food and Drug Administration (FDA) said Friday that bits of steel, rubber and fiber found in vials of drugs used to treat rare enzyme disorders could cause serious adverse health effects for patients. Despite those problems, the FDA said the products would remain on the market, because there are few alternative treatments. FDA regulators say doctors should closely inspect vials for particles before injecting them into patients. Doctors should return the product to Genzyme if they suspect contamination, the agency said. Physicians should also watch for potential allergic reactions, blood clots and other problems in patients. The FDA announcement is the second case of contamination for the Cambridge, Massachusetts-based company this year. In June, Genzyme was forced to shut down a key production facility due to viral contamination. Genzyme did not return repeated calls for comment. Source:


Banking and Finance Sector

16. November 14, Sierra Vista Herald – (Arizona) Goddard warns of ‘phishing’ scam targeting credit union customers. The Arizona attorney general warned consumers about a “phishing” scam purported to be from Credit Union West, a Glendale-based financial institution, requesting personal information. Verizon, Sprint and T-Mobile customers have received text messages stating that their Credit Union West account has been suspended because of unusual activity. The text messages provide a phone number for the customers to call to get their account back in good standing. Cox Communication customers have also received voice-mails with similar messages. This is a scam, as Credit Union West does not ask for confidential information through text message or e-mail. Source:

17. November 14, ProPublica – (National) Regulators seize another recipient of TARP ‘healthy bank’ bailout. Regulators seized three banks on November 13, bringing the toll of failed banks for the year to 123. One of the banks closed on November 13 was a TARP recipient: Pacific Coast National Bank of San Clemente, California, received $4.1 million in taxpayer funds in January. That investment, made through the Treasury Department’s program to invest in “healthy banks,” will be wiped out. The FDIC struck a deal with Sunwest Bank of Tustin, California, to assume Pacific Coast’s deposits and assets. Pacific Coast had only two branches. The failure will cost the FDIC $27.4 million. The other two banks seized were in Florida. The failure of Orion Bank of Naples, a community bank with 23 branches, will cost the FDIC $615 million. Century Bank of Sarasota will cost the FDIC $344 million. IberiaBank of Louisiana assumed all the deposits and part of the assets of each. Source:

Information Technology

40. November 14, The Register – (International) Researcher busts into Twitter via SSL reneg hole. A Turkish graduate student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the secure sockets layer (SSL) protocol. The exploit by the graduate student is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. When the flaw surfaced last week, many researchers dismissed it as an esoteric curiosity with little practical effect. For one thing, the critics said, the protocol bug was hard to exploit. And for another, they said, even when it could be targeted, it achieved extremely limited results. The skepticism was understandable: While attackers could inject a small amount of text at the beginning of an authenticated SSL session, they were unable to read encrypted data that flowed between the two parties. Despite those limitations, the graduate student was able to exploit the bug to steal Twitter usernames and passwords as they passed between client applications and Twitter’s servers, even though they were encrypted. He did it by injecting text that instructed Twitter’s application protocol interface to dump the contents of the web request into a Twitter message after they had been decrypted. Twitter’s security team closed the hole the week of November 9. Source:

41. November 14, ComputerWorld – (International) Microsoft confirms first Windows 7 zero-day bug. Microsoft on November 13 confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports at the firewall. In a security advisory, Microsoft acknowledged that a bug in SMB (Server Message Block), a Microsoft-made network file- and print-sharing protocol, could be used by attackers to cripple Windows 7 and Windows Server 2008 R2 machines. The zero-day vulnerability was first reported by a Canadian researcher on November 11, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to the researcher, exploiting the flaw crashes Windows 7 and Server 2008 R2 systems so thoroughly that the only recourse is to manually power off the computers. At the time, Microsoft only said it was investigating his reports. Then on November 13, it took the next step and issued the advisory. “Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable,” a spokesman for Microsoft security group, said in an e-mail. “The company is not aware of attacks to exploit the reported vulnerability at this time.” Source:

42. November 13, Government Technology – (California) California plans to launch information security operations center. California intends to create a state-of-the-art information security operations center to monitor cyber-threats and protect state and local government networks from attack. The proposal is part of a sweeping five-year plan, released November 12 by the state Chief Information Security Officer, which is designed to safeguard government data and critical technology resources from increasingly sophisticated cyber-criminals. The plan calls for creating a California Information Security Operations Center (CA-ISOC) that would provide real-time detection of cyber-attacks and security intrusions across all state government agencies. The center also would support local government networks that need assistance. The CA-ISOC would watch for attacks on the state government’s critical information infrastructure, including attempts to disrupt automated control networks for dams, power plants and other physical facilities. The plan also envisions creating a California Computer Incident Response Team that would work in concert with the state’s Emergency Management Agency and Fusion Center, as well as the U.S. Department of Homeland Security. Source:

43. November 13, PC World – (International) DNS problem linked to DDoS attacks gets worse. Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet’s DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims. According to research set to be released in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an “open recursive” or “open resolver” system. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers said the vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. “The two leading culprits we found were Telefonica and France Telecom,” he said. In fact, the percentage of DNS systems on the Internet that are configured this way has jumped from around 50 percent in 2007, to nearly 80 percent this year, according to the vice president. Though he has not seen the Infoblox data, a Georgia Tech researcher agreed that open recursive systems are on the rise, in part because of “the increase in home network appliances that allow multiple computers on the Internet.” Because modems configured as open recursive servers will answer DNS queries from anyone on the Internet, they can be used in what’s known as a DNS amplification attack. In this attack, hackers send spoofed DNS query messages to the recursive server, tricking it into replying to a victim’s computer. If the bad guys know what they are doing, they can send a small 50 byte message to a system that will respond by sending the victim as much as 4 kilobytes of data. By barraging several DNS servers with these spoofed queries, attackers can overwhelm their victims and effectively knock them offline. Source:

For another story, see item 34 below:

34. November 15, Johnstown Tribune-Democrat – (Pennsylvania) UPJ investigating source of computer virus. Officials at the University of Pittsburgh at Johnstown (UPJ) say they are re-evaluating their computer defenses after their network fell victim to a virus attack last week. They also are continuing their investigation into the source of the attack, which was first noticed early Tuesday. At about 5 a.m., members of the information technology department noticed that something foreign on the network was consuming large amounts of bandwidth. In effect, the virus clogged the networks to such a degree that the flow of information on campus was reduced to a slow trickle. “I really credit our IT staff for catching this as quickly as they did, because it really could have had serious consequences,” said the director of Alumni and Community Relations at UPJ. He said that without their quick reaction, the entire IT infrastructure on campus could have been brought down. All computer labs on campus were closed before noon on Tuesday and several lab-based classes were canceled. The director said the IT department will continue to investigate the origin of the attack, but that the virus did not necessarily originate on campus. Several servers and Web sites around the world reported similar attacks early last week. Source:

Communications Sector

Nothing to report