Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, December 22, 2009


Top Stories

CNN reports that a major snowstorm slammed the East Coast and snarled the busy holiday travel season Saturday as airports shut down runways, rail service slowed, and bus routes were suspended. The Examiner reports that hundreds of thousands of customers in several States lost power during the storm. (See items 1 and 18)

1. December 21, Examiner – (National) Winter Storm to remember across the Mid Atlantic & Northeast. The major Mid Atlantic/Northeast Winter Storm dumped 1 to 2 feet of snowfall across several States as the storm moved steadily up the East Coast, Friday afternoon through Sunday morning. Thirteen States recorded heavy snowfall amounts of 10 to 30 inches. States of Emergency were declared in West Virginia, Virginia, Maryland, Kentucky, and Delaware. Snow Emergencies were declared in Washington D.C., Philadelphia, and Boston. Over 55,000 were without power in Western North Carolina. Over 105,000 were without power across Kentucky. 200,000 lost power across Virginia during the storm. 64,000 lost power in West Virginia during the storm. The National Guard assisted with snow removal and emergency assistance and operations in West Virginia. Source:

18. December 20, CNN – (National) Record snow continues to fall as deadly East Coast storm lingers. A major snowstorm slammed the East Coast and snarled the busy holiday travel season Saturday as airports shut down runways, rail service slowed, and bus routes were suspended on the last weekend before Christmas. Record snowfall totals were reported Saturday afternoon at Washington Dulles and Reagan National airports. Accumulation at Dulles reached 16 inches, breaking the old record of 10.6 inches set December 12, 1964; 13.3 inches was reported at Reagan. The old record there was 11.5 inches set December 17, 1932. Three deaths in Virginia were blamed on the storm, state officials said. One person was killed late Friday in a single-car crash. Two other deaths were reported Saturday as more heavy snow was expected. The Virginia Governor authorized up to 1,000 National Guardsmen to assist in responding to the storm, which dumped more than 20 inches of snow in parts of the state by Saturday evening. Virginia State Police had responded to nearly 3,000 accidents or disabled vehicles since Friday night, the governor’s office said. The storm stretched from Tennessee and North Carolina to the southern New England states, blanketing the mid-Atlantic region and the heavily populated I-95 corridor. Source:

According to the Arizona Republic, a strong metallic odor at the Scottsdale Galleria Corporate Center forced the evacuation of about 1,200 office workers and sent 21 people to the hospital with breathing difficulties Friday afternoon. (See item 47)

47. December 18, Arizona Republic – (Arizona) Unknown fumes overcome Scottsdale Galleria offices, prompt evacuation. A strong metallic odor at the Scottsdale Galleria Corporate Center forced the evacuation of about 1,200 office workers and sent 21 people to the hospital with breathing difficulties Friday afternoon. As of late Friday, Scottsdale Fire Department investigators had not yet identified the source or cause of the odor, but industrial hygienists and building engineers were scheduled to enter the building during the evening, said a fire spokeswoman. Thirteen people were transported to Scottsdale Healthcare Osborn as a precaution after complaining of feeling ill. Eight others drove themselves to the hospital and two refused treatment. Scottsdale fire crews first responded to a 911 call of a bad odor at the Galleria at about 3 p.m. Friday. The caller reported that some people had trouble breathing and were feeling sick. The Scottsdale Visitor and Convention Bureau is among the tenants housed in the former mall that years ago was converted into office space and call centers. Bureau workers stood outside for about an hour before they were told to finally go home, said a bureau spokeswoman. They were not let back into the building. Source:


Banking and Finance Sector

13. December 19, Bank Info Security – (National) Seven banks closed on Dec. 18. Seven banks were closed by state and federal regulators on Friday, December 18, including four institutions of more than $1 billion in assets under management. The largest of the failures was First Federal Bank of California, a $6.1 billion bank, which subsequently was taken over by OneWest Bank of Pasadena, California. Three of the banks — RockBridge Commercial Bank, Atlanta, Georgia; Citizens State Bank, New Baltimore, Minnesota; and Independent Bankers’ Bank, Springfield, Illinois — were closed without being acquired by other institutions. The other three institutions were Peoples First Community Bank, Panama City, Florida; New South Federal Savings Bank, Irondale, Alabama; and Imperial Capital Bank, La Jolla, California. In all, there now have been 170 failed institutions in 2009 — 140 banks and 30 credit unions. Source:

14. December 19, Associated Press – (New York) New York man charged in $35 million Ponzi scheme. Federal authorities say an upstate New York businessman has been charged with bilking oil and natural gas investors in a six-year Ponzi scheme that took in an estimated $35 million. An assistant U.S. Attorney says that the 71-year-old suspect is believed to have returned $30 million to $31 million to keep the scheme going from April 2003 to March 2009. He says the suspect pocketed the remainder. The suspect pleaded not guilty on December 17 to fraud and money laundering. A judge gave his lawyer two months to review evidence seized by authorities. The FBI and the Internal Revenue Service have been investigating the suspect’s business dealings for more than a year. They say many of the 320-plus investors lived in western New York. Source:

15. December 18, KIVI 6 Boise – (Idaho) Fraudulent bank alerts. Thousands of emails and text messages are being sent out to Idahoans telling them their bank accounts are frozen and giving them a link that appears to lead to their bank’s Web site. “This is a very sophisticated operation. The website you go to looks like the real one but it’s not, it’s masked,” said the deputy attorney general of Idaho. The Better Business Bureau says at least 100 people from Eastern Idaho have fallen victim to this phishing scam. A customer can tell the Web site is not real because it will not have the correct Web address. A danger exists when the link is clicked on. “It’s going to load software on your computer, it’s going to scan your computer for your sensitive information, your bank account number, your password and it’ll watch you as you work and report that information to the scam artist,” said a spokesman from the Better Business Bureau. Source:

16. December 16, U.S. Government Accountability Office – (National) Troubled Asset Relief Program: The U.S. government role as shareholder in AIG, Citigroup, Chrysler, and General Motors and preliminary views on its investment management activities. The recent financial crisis resulted in a wide-ranging federal response that included infusing capital into several major corporations. The Troubled Asset Relief Program (TARP) has been the primary vehicle for most of these actions. As a result of these actions and others, the government is a shareholder in the American International Group (AIG), Citigroup Inc. (Citi), Chrysler Group LLC (Chrysler), and General Motors Company (GM), among others. As market conditions have become less volatile, the government has been considering how best to manage these investments and ultimately divest them. The testimony discusses the government’s approach to past crises and challenges unique to the current crisis; the principles guiding the Department of the Treasury’s implementation of its authorities and mechanisms for managing its investments; and the preliminary views from GAO’s ongoing work with the Special Inspector General for TARP on the federal government’s monitoring and management of its investments. This statement builds on GAO’s work since the 1970s on providing government assistance to large corporations and more recent work on oversight of the assistance and investments provided under TARP. In its November 2009 report, GAO recommended that Treasury ensure it has expertise needed to monitor its investment in Chrysler and GM and that it has a plan for evaluating the optimal method and timing for divesting this equity. Source:

Information Technology

36. December 21, The Register – (International) Twitter hack linked to internal security breach. Twitter’s login credentials were used to make DNS changes that redirected surfers to a protest site on December 18, according to site administrators. Surfers visiting the micro-blogging Web site for about an hour early on Friday morning were instead redirected to a page on another site, boasting that Twitter had been “pwned” by a previously unknown group called the Iranian Cyber Army. Twitter acknowledged its DNS records “were temporarily compromised” in a status page update, without going into the specifics of the hack. However, security experts involved in maintaining the site said Twitter’s own login credentials were used in the attack. The chief technology officer at Dyn told Wired that attackers used a “set of valid Twitter credentials” to change DNS settings and redirect surfers. Source:

37. December 18, Government Computer News – (International) Office 2010 takes aim at malware threats. Microsoft described a security feature in Office 2010 designed to block malware associated with older Office binary file formats. The feature, called “Office file validation,” checks to see if a binary file used by Office applications such as Word, PowerPoint and Excel (with .DOC, .PPT and .XLS extensions) is a trusted document or stored in a trusted location. If not, the file will get protected in a sandbox, or “protected view,” which will limit the file’s access to system resources, according to a member of Microsoft’s Office security team, in a blog post on December 16. The new Office file validation feature extends concepts from an earlier Microsoft security tool called “MOICE,” or Microsoft Office Isolated Conversion Environment, according to the CTO of Qualys. “Office documents received by e-mail or downloaded through the Internet are opened in a protected environment, a ‘sandbox,’ and if the document attempts to modify the underlying operating system, it is blocked by the sandbox,” the CTO explained in an e-mail. “If the user wants to edit and save the document, he has to press an ‘enable editing’ button to retrieve the document from the sandbox.” Source:

For more stories, see items 41 and 42 below in the Communications Sector

Communications Sector

38. December 21, Telegraph – (International) O2 network crashes for iPhone users. Some users have been unable to access the Internet on their Apple phone, making many of the popular applications redundant. Users trying to access applications or the Internet were met with the message: “Could not activate cellular data network.” O2 would not say how many of its customers have been affected, but it is understood a large chunk of its more than a million users have been having a problem since Saturday. Source:

39. December 18, PC World – (National) Operation Chokehold fails as it succeeds (and vice versa). Operation Chokehold, the coordinated attack on AT&T’s wireless network, was both a success and failure on Friday. The success was in further highlighting the complaints of iPhone users against the carrier; the failure was that it did not appear to have much effect on the AT&T network. Source:

40. December 18, Softpedia – (National) T-Mobile USA users hit by network outage again. Another network outage has hit users of mobile phone carrier T-Mobile USA. The wireless services provider acknowledged the issue, stating that its network in Southeastern United States and Puerto Rico was the one affected. The outage this time is of a lesser magnitude than last month’s. Following the aforementioned forum statement, the company stepped up and announced that it managed to restore the service to almost all of its users. “Some T-Mobile customers in the Southeastern United States and Puerto Rico experienced intermittent service degradation for voice and data services earlier today. T-Mobile has identified the equipment malfunction and service has been restored for the majority of customers. Some customers in Alabama, Tennessee and Georgia may still be experiencing service disruptions while T-Mobile continues to work to restore service as quickly as possible. Again, we apologize for any inconvenience to impacted customers in the region,” the operator noted. Source:

41. December 18, BBC News – (International) Chinese proposal to meter Internet traffic. China wants to meter all Internet traffic that passes through its borders. The move would require international agreement — but it is being discussed by the United Nations body in charge of Internet standards. It would allow countries which currently receive no payment for use of their lines to generate income. But a European Union cyber security expert has warned the plan could threaten the stability of the entire Internet. In later comments to BBC News, a member of the European Commission suggested that technical changes needed to charge everyone for Internet traffic flowing through China could undermine the Web’s founding principle of openness as well as raising security and stability concerns for all net users. Source:

42. December 18, TechCrunch – (International) Rackspace goes down. Again. Takes the Internet with it. Again. Rackspace had a complete and total failure on December 18 that took down a number of big sites on the Internet, including TechCrunch. This has been happening all too often in recent months, including downtime just last month. The failure apparently originated in the company’s Dallas-area server farm. But unlike previous times, this does not appear to be a power issue, the company says. Some other sites that are currently affected include: 37signals, Brizzly, Scoble’s blog, all of the sites hosted by Laughing Squid, Tumblr custom domains, and many others. This is another black eye for the company, though they are generally responsive with other issues. But until they can prove to be more reliable, TechCrunch decided to get a backup version of the site up and running at another data center. Source: