Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, January 21, 2010

Complete DHS Daily Report for January 21, 2010

Daily Report

Top Stories

• The Associated Press and Fort Myers News-Press report that agricultural losses from the latest freezes could easily top hundreds of millions of dollars, a Florida Department of Agriculture and Consumer Services official said Tuesday. Lee, Collier, Charlotte, and Hendry counties reported $100 million in losses. (See item 24)

24. January 19, Fort Myers News-Press and Associated Press – (Florida) Florida freeze losses to top hundreds of millions of dollars. Agricultural losses from the latest freezes could easily top hundreds of millions of dollars, a Florida Department of Agriculture and Consumer Services official told lawmakers on Tuesday. Preliminary damage reports are trickling into the department, a department spokeswoman said. Lee, Collier, Charlotte, and Hendry counties reported $100 million in losses, including 5,000 acres of tomatoes and a 30 percent, or $25 million, loss to the pepper harvest, she said. The Agriculture Commissioner will tour the state Wednesday to assess damage. On Tuesday afternoon, the governor extended for seven days an executive order lifting weight restrictions on the state highways so growers can get as much product to market as quickly as possible. Florida provides the nation with 70 percent of its domestically grown winter fruits and vegetables. The total damage to Florida’s $9 billion citrus industry is still unclear, and may not be known for many months, said the executive vice president of the Indian River Citrus League in Vero Beach. Source:

• KSL 5 Salt Lake City reports that a man in his early 30s died Tuesday hours after ingesting a hazardous substance at his job at Sabinsa Corporation in Payson, Utah, and two dozen people at the Intermountain Healthcare clinic where he went for treatment were quarantined. (See item 38)

38. January 19, KSL 5 Salt Lake City – (Utah) Saratoga Springs man dies after ingesting workplace chemical. A Saratoga Springs man in his early 30s died Tuesday hours after ingesting a hazardous substance, and two dozen people at the health clinic where he went for treatment were quarantined, officials said. An Intermountain Healthcare spokeswoman said the man apparently ingested selenomethionine at his job. She said early reports indicated that he inhaled the substance but she could not confirm that. She said the man worked at Sabinsa Corporation in Payson, Utah. The company’s website says it manufactures synthetic substances used in pharmaceuticals and the nutrition industry. The clinic was shut down and 24 people there were quarantined. Eight of them were decontaminated in a tent on the clinic site, but none complained of feeling ill. Most of those quarantined at the InstaCare were cleared Tuesday night. Hazmat crews have spent most of their time at the man’s home, where his family and a neighbor are under close watch. Source:
Banking and Finance Sector

16. January 20, Asbury Park Press – (New Jersey) Holiday City bank evacuated after bomb threat. Police are evacuating a Holiday City bank as they investigate a bomb threat on January 20. Patrons and employees of the Provident Bank on Plaza Drive were evacuated at about 10:30 a.m., a detective sergeant said. Police then began evacuating surrounding buildings as they began to investigate the threat, he said. Further information was not immediately available. Drivers are advised to avoid the roads surrounding the bank, including the intersection of Mule Road and Route 37, if possible. Source:

17. January 19, CNET News – (International) Korea rules virtual currency as good as cash. Virtual currency has been one of the more confusing areas of gaming and social networking, with different sites, games, and even countries treating currency and goods differently. South Korea has decided that virtual currency is the equivalent of real-world money, bringing to light some very real ramifications for users not just in Korea but in other countries as well. The ruling allowing “cyber money” is the first in Korea and was based on the acquittal of two gamers indicted on charges of illegally making money by selling goods earned in the game Lineage. In-game or in-site currency has to date not been able to be swapped for cash — at least not in the U.S. Accordingly, there have been few issues related to gambling and taxes, but this decision in Korea brings up a lot of very ugly possibilities not just for gamers, but for the companies that provide these virtual cash exchanges. Several months ago China decided to tax virtual goods, hoping that players would voluntarily pay the tax on the nearly $3 billion in annual gaming revenues. A voluntary system would likely never work in the U.S., where government regulations would quickly come into play regarding how games are allowed to distribute funds and what constitutes gambling. For example, if a player were rewarded with in-game currency, there could be tax implications if the player were to sell the in-game asset. Similarly, if a player were to sell a virtual asset to another player, the player might be required to pay sales tax or report the sale as earnings. Source:

18. January 19, Insurance Business Review – (International) Philadelphia Insurance launches new cyber security liability product. Philadelphia Insurance Companies (PHLY) has introduced a new cyber security liability product for small and middle-market customers, which offers both first and third party coverages in one package. The company said that the coverage parts include loss of digital assets, non-physical business interruption, network security and privacy liability, electronic media liability, cyber extortion, customer notification, and public relations expense. Most classes are acceptable; however, prohibited classes include financial institutions, on-line retailers, credit card processors, law firms, hospitals, and colleges or universities, the company said. Source:

19. January 19, KHOU 11 Houston – (Texas) HPD: Tech-savvy thieves target ATMs with skimming devices. Tech-savvy crooks are putting skimming devices and cameras on ATMs so they can steal money, said a Houston police lieutenant. Police recently arrested a 31-year-old suspect and an accomplice who are accused of placing a skimming device on an ATM in the 4300 block of Montrose, the lieutenant said. The police lieutenant works with the department’s financial crimes division. Police said the two suspects sat across the street from the ATM in a black Cadillac Escalade, watching with binoculars. Once they saw customers pull up, they moved in a little closer and turned on their wireless camera, police said. The camera allowed them to watch the customer enter the banking PIN on the keypad. One Houston-area bank lost more than $200,000 because of the skimming device. Source:

Information Technology

46. January 20, IDG News Service – (International) Security researcher IDs China link in Google hack. The malicious software used to steal information from companies such as Google contains code that links it to China, a security researcher said on January 19. After examining the back-door Hydraq Trojan used in the hack, a SecureWorks researcher found that it used an unusual algorithm to check for data corruption when it transmits information. The source code for this algorithm “only seems to be found on Chinese Web sites, which suggests that the person who wrote it reads Chinese,” he said. That may be an important hint, because while Google has implied that the people who hacked its computers had the support of the People’s Republic of China, company executives have admitted that they have no proof. Google has threatened to pull out of China, in part because of the cyber attack. According to the researcher’s firm, aside from the fact that some of the servers used in the attack were hosted in China, there had previously been no evidence of a China link. Because the attackers could have simply purchased or hacked into hosting services in China, linking the command-and-control servers to China is inconclusive. The code behind the attack, called Aurora, was written in 2006. But, apparently, it was rarely used, which helped it evade antivirus detection for several years. The Hydraq Trojan — just one element of all of the Aurora software security firms have found — dates back to April 2009, the researcher said. Google learned of the attack in December and quickly notified other affected companies. Source:

47. January 19, The Register – (International) MS to issue emergency patch for potent IE vuln. Microsoft will release an emergency update that patches the Internet Explorer vulnerability used to breach the security defenses of Google and other large companies. The software maker has said that real-world attacks against the browser continue to be “very limited” and that they are effective only against version 6, which was first released in 2001. Still, researchers have determined that it is possible to exploit more recent versions using well-known techniques, causing the level of concern generated by the vulnerability to spiral since last week, when Google revealed that it and 20 other companies were hit by highly sophisticated attacks that pilfered intellectual property and user data. Independent researchers have since raised the number of victims to 34 and said source code was specifically appropriated. “Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment, Microsoft will release a security update out-of-band for this vulnerability,” the general manager of Microsoft’s Trustworthy Computing Security group wrote on January 19. Source:

48. January 19, Computerworld – (International) Apple patches 12 Mac bugs in Flash, SSL. Apple on January 19 patched 12 vulnerabilities in Leopard and Snow Leopard, including seven in Adobe Flash Player and one in the protocol used to secure Internet traffic. Security update 2010-001, the first from Apple this year, is noticeably smaller than the monster issued last November that fixed almost 60 flaws. The seven fixes for Flash Player, Apple’s first update to the popular media player since September, brought the program up to version, the same edition that Adobe shipped December 8, 2009, for Windows and Linux. Adobe tagged six of the seven vulnerabilities as critical in its own security advisory last month. Because Apple bundles Flash Player with Mac OS X, it regularly distributes patches for the Adobe software, at times months after the latter has shipped patches. The six-week gap between Adobe’s issuing fixes and Apple delivering them this time was similar to the time it took Apple to update Flash in the summer of 2009. Altogether, nine of the 12 bugs were accompanied by the phrase “may lead to arbitrary code execution,” Apple’s way of saying that a flaw is critical and can be used by attackers to hijack a Mac. Apple does not assign ratings or severity scores to the bugs it patches, unlike other major software makers, such as Microsoft and Oracle. Source:

49. January 19, CNET News – (International) sues U.S. domain registrar over hacking. Leading Chinese search engine has filed a lawsuit that blames a U.S.-based Internet domain registrar for allegedly allowing a hacking attack that left the site disabled and defaced. Baidu filed suit in New York against, claiming that the domain registrar’s “gross negligence” led to the search giant being “unlawfully and maliciously altered,” the company said in a statement on January 19. Baidu’s site was disabled for several hours on January 12, and visitors were redirected to a site where a group calling itself the “Iranian Cyber Army” claimed responsibility for the attack. The same group had taken credit for a similar attack on Twitter last month. Baidu said that its Chinese site,, was unaffected by the outage. Source:

50. January 19, IDG News Service – (International) Hackers hit Network Solutions customers. Hackers have managed to deface several hundred Web sites hosted by Network Solutions, the company said on January 19. In a blog posting, the Internet service provider described the incident as a “limited attack on websites hosted on Network Solutions Unix servers.” Several servers were hit and “intruders were able to get through by using a file inclusion technique,” the blog post said. A Network Solutions representative could add little to the blog’s description of the attack, but remote file inclusion attacks are a relatively common way of exploiting buggy Web server programming in order to run unauthorized content on the server. “Our preliminary investigation indicates that the source of entry was through a single site,” said a spokeswoman in an e-mail. A Network Solutions customer learned on January 17 that someone had crawled the folders on the Web site she maintains and replaced all of the index.html and main.html files with new files claiming that the defacement was “For Palestine.” The second defacement made no mention of Palestine, but said simply “Server Is RooT!” Source:

51. January 19, The Register – (International) Berserker Bing bots bring down Perl network. Misfiring Microsoft search bots managed to render a site used by Perl Testers almost unusable recently. A post on the CPAN Testers’ blog reports that its servers were being scanned by “20-30 bots every few seconds”, resulting in what developers likened to a denial of service attack. The IP addresses of the bots — which failed to follow house rules defined in the site’s robots.txt file — were traced back to Microsoft. The behavior of the Bing bots contrasted with other search engine agents from the likes of Google, prompting site administrators to post an “msnbot must die” rant on January 15 before banning Microsoft’s search spiders. Source:

52. January 19, DarkReading – (International) Report: DDoS attacks still growing, but at slower rate. The number of distributed denial-of-service (DDoS) attacks grew 20 percent last year — a major decrease in the rate of growth from 2007 to 2008, when these debilitating attacks increased 67 percent, according to a new report. Arbor Networks, which on January 19 released its annual worldwide security infrastructure report using data gathered from more than 65 IP network operators across the Americas, Europe, Africa, and Asia, found the largest attack was 49 gigabits per second from third quarter 2008 through third quarter 2009. “Last year, we saw a doubling in the sheer volume of these attacks and 40-Gbps was the major finding. To my surprise, only 20 percent” more of these attacks occurred in the past year, says the chief scientist for Arbor. The largest sustained DDoS attacks were 40 Gbps and 24 Gbps, he says. Attackers are employing more, smaller-scale DDoS attacks that are harder to detect, yet just as lethal. “Lower-bandwidth attacks can be equally as disruptive to e-commerce and gambling sites, [for example], and more difficult to mitigate,” the scientist says. In the report, 35 percent of the respondents said they expect attacks to move to the cloud, with more sophisticated service and application attacks to be their biggest operational threat during the next 12 months. More than 21 percent expected large-scale botnet-based attacks to be the biggest threat. Source:

Communications Sector

53. January 20, Tampa Tribune – (Florida) Ex-employee charged in bomb threat at St. Pete TV studio. Employees at a television studio were evacuated early on the morning of January 20 after someone called in a bomb threat, and investigators quickly figured out it was a former employee who made the threat, St. Petersburg police say. The former employee, of St. Petersburg, was arrested and charged with threatening to discharge a destructive device. He is being held at the Pinellas County Jail with bail set at $10,000. At about 3:15 a.m., the suspect made an anonymous call to say there was a bomb inside the American Option Network studio, said a St. Petersburg police spokesman. All employees were evacuated, and police traced the call to its origin, the spokesman said. It turned out to be the phone number belonging to the suspect, the spokesman said. Source:

54. January 20, WNWO 24 Toledo – (Ohio; Michigan) Did your internet die on Tuesday? You’re not alone. Buckeye CableSystem says its Angola Rd. server crashed around 4:00 p.m. on January 19, causing widespread outages of internet and phone service. A large portion of area Buckeye Cable customers were without the communication services for at least 3-4 hours. Some customers’ services were not restored until well into the night. Several area businesses operated with limited phone service and downed credit card machines during the outage. Area ATMs were also affected. The company says it was the first time that one of its servers has crashed. Source:

55. January 19, U.S. Government Accountability Office – (National) FCC management: Improvements needed in communication, decision-making processes, and workforce planning. Rapid changes in the telecommunications industry, such as the development of broadband technologies, present new regulatory challenges for the Federal Communications Commission (FCC). GAO was asked to determine (1) the extent to which FCC’s bureau structure presents challenges for the agency in adapting to an evolving marketplace; (2) the extent to which FCC’s decision-making processes present challenges for FCC, and what opportunities, if any, exist for improvement; and (3) the extent to which FCC’s personnel management and workforce planning efforts face challenges in ensuring that FCC has the workforce needed to achieve its mission. FCC consists of seven bureaus, with some structured along functional lines, such as enforcement, and some structured along technological lines, such as wireless telecommunications and media. Although there have been changes in FCC’s bureau structure, developments in the telecommunications industry continue to create issues that span the jurisdiction of several bureaus. However, FCC lacks written procedures for ensuring that interbureau collaboration and communication occur. FCC’s reliance on informal coordination has created confusion among the bureaus regarding who is responsible for handling certain issues. Weaknesses in FCC’s processes for collecting and using information also raise concerns regarding the transparency and informed nature of FCC’s decision-making process. FCC has five commissioners, one of whom is designated chairman. FCC lacks internal policies regarding commissioner access to staff analyses during the decision-making process, and some chairmen have restricted this access.
GAO recommends that FCC, among other things, develop written policies on interbureau coordination and commissioner access to staff analyses; revise its public comment process and its ex parte policies; and develop targets identifying expertise needs, strategies for meeting those targets, and measures for tracking progress. The FCC generally concurred with GAO’s recommendations. The GAO review was conducted in December 2009 and the report was published on January 19, 2010. Source:

For another story, see item 49 above in the Information Technology Sector.