Department of Homeland Security Daily Open Source Infrastructure Report

Friday, January 15, 2010

Complete DHS Daily Report for January 15, 2010

Daily Report

Top Stories

 According to the St. Petersburg Times, farmers’ attempts to save crops from freezing temperatures by spraying them with water all night caused such a dramatic drop in the underground aquifer that it resulted in at least 22 sinkholes opening up in Hillsborough County, Florida. WDBO 580 Orlando reports that a significant depression formed in the road on I-4 near the Polk-Hillsborough County line. (See items 15 and 20)

15. January 13, WDBO 580 Orlando – (Florida) Part of I-4 shut down due to possible sinkhole. The Florida Department of Transportation (FDOT) closed all three eastbound lanes of I-4 near the Polk-Hillsborough County line because of a significant depression that formed in the road. FDOT says that the section could remain closed all of Wednesday and into Thursday. Engineers were concerned that the depression could have been the beginnings of a sinkhole, but they were able to determine Wednesday morning that it was not. 47,000 drivers a day use this stretch of the Interstate and at 6:30am traffic was backed up as far as the eye could see. Drivers traveling eastbound on the Interstate had to use the emergency lane to get around the unsafe portion of the road. FDOT discovered the problem with the roadway on Tuesday. Core samples and a ground scan helped engineers determine that part of the road had settled. At that point, two of the eastbound lanes were closed, resulting in a five mile backup. With all three lanes to remain closed through Wednesday, the backup is expected to be much worse. FDOT will drill ten holes, fill them with concrete and then re-asphalt the road. They do not expect the portion of the road to be reopened anytime Wednesday. “We just ask people to have patience. This is an emergency situation, but we need to fix the roadway so we can open it up for them,” said an engineer. To the naked eye, the dip in the road does not appear to be that severe. However, FDOT says when driving a vehicle over the depression at 70 MPH it can result in a significant jolt. Source:

20. January 14, St. Petersburg Times – (Florida) 30 percent of Florida crops damaged by freeze; 22 sinkholes open after fields sprayed. Despite farmers’ best efforts to protect their crops, about 30 percent of Florida’s agricultural bounty was damaged by this month’s freezing temperatures, state officials say. The farmers’ attempts to save their strawberries, citrus and other crops by spraying them with water all night caused such a dramatic drop in the underground aquifer that it resulted in at least 22 sinkholes opening up in Hillsborough County. Sinkholes have resulted before when farmers pumped millions of gallons of water out of the ground to spray it on their plants, hoping that the coating of ice that forms would protect the plants from damage. In the past, such sinkholes primarily affected the farmers themselves. The crumbling ground fell in and sucked down citrus trees or created instant lakes in the middle of a pasture. Now, geologists say, the spread of suburban development into formerly rural areas means more people are affected by what the farmers do. More than 300 people have called the Southwest Florida Water Management District to report problems with their private wells, ranging from burned-out pumps to wells that have dried up completely. A Swiftmud spokeswoman said after the freeze conditions are over, the agency will review how it handled the crisis and there may be changes. Source:

 reports that an initial contingent of 2,000 U.S. Marines could be deployed to quake-ravaged Haiti within the next few days to either help with emergency aid distribution or help enforce law and order after the U.N.’s peacekeeping operation headquarters was destroyed in the quake. About 100 U.N. personnel are believed to be trapped in the ruins of the building. (See items 26 and 29)

26. January 14, – (International) First U.S. vessel arrives at Port-au-Prince. The General in charge of the U.S. Southern Command described the U.S. response to the earthquake in Haiti. An initial contingent of 2,000 Marines could be deployed to the quake-ravaged country within the next few days to either help with emergency aid distribution or enforce law and order in conjunction with U.N. peacekeepers already there, the General said. The General said that a U.S. aircraft carrier, the USS Carl Vinson, is also heading from Norfolk, Virginia, to the area and should arrive Thursday afternoon after a stop off Naval Station Mayport in Florida to pick up helicopters, crews and supplies. The USS Bataan, carrying Marines from the 22nd Marine Expeditionary Unit, USS Fort McHenry and USS Carter Hall were ordered to get under way as soon as possible, and more vessels were ordered to stand ready to assist. The USS Higgins from Naval Station San Diego was scheduled to arrive off the coast of Haiti on Thursday to provide logistical services for Coast Guard helicopters. The dispatched troops would aim to keep the peace in the event of post-disaster unrest as part of a larger international effort overseen by the United Nations, whose peacekeeping operation headquarters was destroyed in the quake. About 100 U.N. personnel are believed to be trapped in the ruins of the building. Source:

29. January 14, Yeshiva World News – (International; New York) NYC search & rescue taskforce heads to Haiti. Among those offering to help the people of Haiti is a group of emergency medical technicians and a search and rescue taskforce from Brooklyn who have volunteered to make the trip to the devastated Caribbean island. The 80 or so members of Task Force One are hoping to be on the ground in Haiti by the afternoon. The rescue team is managed by the Office of Emergency Management. It is made up of highly trained personnel from the NYPD and FDNY who specialize in disaster relief and emergency triage and medicine. The taskforce has been loading equipment they could use to search for victims through the sea of rubble that remains of the capital. The taskforce will travel with a doctor and 4 K-9 units. Source:


Banking and Finance Sector

11. January 14, Forum of Fargo-Moorhead – (North Dakota) Scam texts center on Fargo credit union cards. A series of scam text messages has tried to trick cell phone users into giving up bank account information by telling them their card with Fargo Public Schools Federal Credit Union has been deactivated. Two batches of the scam texts have been identified, one sent to Sprint users on January 9 and another to Verizon subscribers on January 12, said the credit union’s CEO. She said it appears the scammers are working from cell phone subscriber lists, plucking out Fargo names. Information about credit union accounts has not been accessed, she said. She said the credit union has received hundreds of phone calls about the text messages, which she figures could have been sent to thousands of people. West Fargo police sent a warning out about the text messages late on January 13, saying they have received numerous reports about them. Source:

12. January 13, Credit FYI – (National) Debit cards as vulnerable to fraud as credit cards. Shoppers are frequently warned to be on guard against consumer credit card fraud, but they may be less inclined to think about the security risks that they face with their debit card as well. According to Discover, debit cards can be vulnerable to identity theft and other fraudulent activity when shoppers fail to properly safeguard their personal identification numbers (PINs). People are advised to change their passwords and PINs regularly so the information stays out of the wrong hands. Another thing to watch for is criminals who can steal financial data simply by looking over a person’s shoulder or, in some cases, by using so-called skimming devices that can be attached to an ATM machine to steal data. Discover also advises people to regularly track their purchases online to spot any red-flag activity as quickly as possible, and to promptly report any missing cards so that potential thieves do not get a head start on racking up fraudulent charges. Source:

Information Technology

31. January 14, Computerworld – (National) Alleged China attacks could test U.S. cybersecurity policy. The attacks on Google and more than 30 other Silicon Valley companies by agents allegedly working for China are focusing renewed attention on the issue of state-sponsored cyber attacks and how the U.S. government should respond to them. The U.S. has no formal policy for dealing with foreign government-led threats against U.S. interests in cyberspace. With efforts already under way to develop such a policy, the recent attacks could do a lot to shape the policy and fuel its passage through Congress. On January 12, the U.S. Secretary of State released a statement asking the Chinese government for an explanation for the attacks, which raised “very serious concerns and questions.” Source:

32. January 13, CNET News – (International) Gmail to get secure net connection by default. Shortly after Google announced the partially successful cyberattack on Gmail, the company said it will activate by default a secure network technology for its e-mail service. Google has long offered the option to access its Web-based Gmail service by using HTTPS — a secure version of the Hypertext Transfer Protocol that Web browsers use to retrieve information from Web sites. Now it will become the norm. “Using HTTPS helps protect data from being snooped by third parties, such as in public Wi-Fi hotspots,” the Gmail engineering director said in a Gmail blog post on January 12. “We initially left the choice of using it up to you because there’s a downside: HTTPS can make your mail slower since encrypted data doesn’t travel across the Web as quickly as unencrypted data. Over the last few months, we’ve been researching the security/latency tradeoff and decided that turning HTTPS on for everyone was the right thing to do.” Source:

33. January 13, Nextgov – (International) More cyberattacks likely from group that took down Chinese search engine. The source and motivation behind a cyberattack against China’s largest Internet search engine on January 12 remain unclear, as does its relation to an attack on Google, but more computer networks likely will be targeted, security professionals said. The same group that took down Twitter in December 2009 hacked China’s most popular search engine, Baidu, taking down the Web site for almost four hours. Whether the group has legitimate ties to Iran or Iranian terrorist organizations is unclear. “We are seeing the visible peak of the underground cyberwar that goes on around us 24 hours a day,” a forensic technologist who has 31 years’ experience said. “Terrorists and governments — through fronts — use attacks to test for weaknesses, gauge reaction and build cyberattack playbooks against adversaries. Governments can’t stop these attacks because of the [interconnected] nature of the Internet.” The group likely will strike again at another heavily visited domain to ensure continued global attention, said the chief executive officer of the security software company Internet Identity. Source:

34. January 13, IDG News Service – (California) Law firm in Green Dam suit targeted with cyberattack. The law firm representing a U.S. company involved in a legal dispute over China’s Green Dam censorship software says it was targeted with a sophisticated online attack this week, similar to the one reported by Google on January 12. Gipson Hoffman & Pancione, a Los Angeles law firm, says employees began receiving well-crafted e-mail messages that appeared to come from other company staffers. The messages tried to get the victims to either open a malicious attachment or visit a Web site that hosted attack code. “It came from email addresses that people would recognize as internal to the firm, and the attempt was to make it seem like everyday stuff,” said an attorney with the company. The company reported the attack to the U.S. Federal Bureau of Investigation, the attorney said. Although 10 employees were targeted, none of them took the bait, he said. “We were on guard prior to filing the lawsuit that something like this would happen.” Source:

35. January 13, Federal Bureau of Investigation – (International) Haitian earthquake relief fraud alert. The FBI, on January 13, reminds Internet users who receive appeals to donate money in the aftermath of Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests. Past tragedies and natural disasters have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause. Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages. Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites. Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status rather than following a purported link to the site. Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders. Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes. Do not give your personal or financial information to anyone who solicits contributions: Providing such information may compromise your identity and make you vulnerable to identity theft. Source:

36. January 13, DarkReading – (International) Spear-Phishing attacks out of China targeted source code, intellectual property. The wave of targeted attacks from China on Google, Adobe, and more than 20 other U.S. companies, which has led the search giant to consider closing its doors in China and no longer censor search results there, began with end users at the victim organizations getting duped by convincing spear-phishing messages with poisoned attachments. Google and Adobe both revealed on January 12 that they were hit by these attacks, which appear to be aimed mainly at stealing intellectual property, including source code from the victim companies, security experts say. So far, the other victim companies have yet to come forward and say who they are, but some could go public later this week. Microsoft, for one, appears to be in the clear: “We have no indication that any of our mail properties have been compromised,” a Microsoft spokesperson said in a statement issued on January 13. iDefense says the attacks were primarily going after source code from many of the victim firms, and that the attackers were working on behalf of or in the employment of officials for the Chinese government. The attacks on Google, Adobe, and others started with spear-phishing email messages with infected attachments, some PDFs, and some Office documents that lured users within the victim companies, including Google, to open what appeared to be documents from people they knew. The documents then ran code that infected their machines, and the attackers got remote access to those organizations via the infected systems. Interestingly, the attackers used different malware payloads among the victims. “This is a pretty marked jump in sophistication,” iDefense’s head of international cyberintelligence says. “That level of planning is unprecedented.” Source:

37. January 13, The Register – (International) Trojan pr0n dialers make comeback on mobile phones. After taking a long hiatus, trojan dialers that can rack up thousands of dollars in charges are back by popular demand. According to researchers at CA Security’s malware analysis lab, a new wave of malicious dialers is hitting users of mobile phones. The trojans are built on the Java 2 Micro Edition programming language and cause infected handsets to send SMS messages to high-cost numbers, at great expense to the victim. “As soon as the application is loaded, this malicious software starts to send premium text messages,” CA warned on January 12. “The messages sent out are in the typical format to invoke premium services and land the mobile user with heavy mobile bills without the user’s knowledge and consent.” Malware that automatically dials pricey premium numbers was all the rage a decade ago, when dial-up internet services required computers to connect to a phone line. With the growth of broadband connections the frequency of dialers waned. The explosion of smartphones that can run software made by anyone has given malicious dialers a new lease on life. And as was the case in previous years, they mostly tap into pornographic services. Source:

Communications Sector

38. January 13, Nisqually Valley News – (Washington) Maintenance work will interrupt Thurston County website and services. A planned network outage will shut down Thurston County’s web site and will also interrupt some other services this coming weekend. Thurston County Central Services Information Technology (IT) is reconfiguring the main network room and the first part of this major project is scheduled to start at 8am Saturday morning, January 16th. This work is set to run through the holiday weekend, January 16th - 18th. Data network services including the Internet site, email and other services will be down throughout county facilities. Telephone services to and from the main courthouse campus will be limited. Phone services for remote facilities will be down except for the Family Justice Center (FJC). The public will be able to call in to FJC. IT staff will prioritize the network restoration and the goal is to have the critical infrastructure and systems up and running by Saturday evening. IT staff plans to work on Sunday, January 17th, 8am-5pm, to finish restoring systems not completed Saturday. The first phase of the project is scheduled to be completed by January 18th at the very latest. The goal of the project is to accommodate integration of some new equipment and to assist with energy efficiency. Source:

39. January 13, Merced Sun-Star – (California) Valley Public Radio loses signal. Valley Public Radio was off the air this morning as a result of what its general manager called “a satellite problem.” The station’s president and general manager said a feed from the station to its transmitter in the Sierra went down overnight after a series of power outages. The station was awaiting a technician to arrive and diagnose the cause. “It is a mystery,” the general manager said. “We have no idea. It says it’s feeding a signal but it’s not.” A signal to the station’s other transmitter in the Bakersfield area was being received successfully and was broadcasting a limited program of classical music, she said. Source: