Department of Homeland Security Daily Open Source Infrastructure Report

Monday, March 1, 2010

Complete DHS Daily Report for March 1, 2010

Daily Report

Top Stories

 NBC News and the Associated Press report that a windy winter storm knocked out power to more than 1 million homes and businesses in the Northeast on Friday, fanned a hotel fire in coastal New Hampshire, and disrupted travel. (See items 1 and 53)


1. February 26, NBC News and Associated Press – (Northeast) 1 million lose power as storm slams Northeast. A windy winter storm knocked out power to more than 1 million homes and businesses in the Northeast on Friday, fanned a hotel fire in coastal New Hampshire, and disrupted travel. High winds combined with heavy snow were helping bring down power lines. About 330,000 homes and business have lost power in New Hampshire alone. Even the state Emergency Operations Center in New Hampshire was operating on a generator. A total of nearly 800,000 more customers were in the dark in states from Maine to Pennsylvania and New Jersey. Officials were also blaming the wind for fanning a hotel fire in Hampton, New Hampshire, and destroying an entire block of businesses. Farther south, snow is clogging roads and airport runways. Thousands of flights have been canceled, including more than 900 which were due to leave New York airports. In upstate New York, the storm left some 150,000 homes and businesses without power. Vermont had more than 10,000 outages. Nearly 4,900 utility customers in New Jersey were without electricity, and there were about 2,000 customers without power throughout Pennsylvania. National Guard forces rescued about 70 people on a ski trip in Susquehanna County, Pennsylvania when their buses got stuck on Route 374. The Pennsylvania Department of Transportation banned motorcycles, recreation vehicles, and commercial traffic on interstates 380 and 84 — with the exceptions of school buses and tow trucks responding to accidents. There was also a tractor-trailer ban on the Pennsylvania Turnpike’s Northeast Extension. Source: http://www.msnbc.msn.com/id/35557603/ns/weather


53. February 26, Associated Press – (New Hampshire) Fire at beachside N.H. hotel engulfs entire block. A fire that started in an unoccupied oceanfront hotel was fanned by winds of near hurricane force and spread to adjacent buildings, engulfing and destroying an entire block of businesses, firefighters said. No injuries were reported. The glow from the flames could be seen from miles away, a witness said. The ferocious blaze started late Thursday or early Friday at the three-story Surf Hotel in Hampton, a densely populated community along the Atlantic coast an hour’s drive north of Boston, a fire captain said. The block of five wood-frame buildings, including a games arcade, a storage facility and a building that housed a gift shop and apartments quickly caught fire. Most of the businesses in the area, including the Surf Hotel, are only open in the summer so no one was in any of the buildings. It took firefighters several hours before they could put out the fire while battling the winds and the cold, but by then the buildings couldn’t be salvaged, a fire chief said. No cause of the fire had been identified. Source: http://www.foxnews.com/story/0,2933,587456,00.html?test=latestnews


 WHDH 7 Boston reports that Freetown, Massachusetts officials declared a state of emergency after a storm caused heavy water to pour over the top of the 300-year-old Old Forge Pond Dam. Seven homes and two businesses near the dam were voluntarily evacuated Thursday. (See item 57)


57. February 26, WHDH 7 Boston – (Massachusetts) Freetown dam in danger of breach. One of Massachusetts’ oldest dams is in danger of failing in Freetown. The storm caused heavy water to come pouring over the top of the 300-year-old Old Forge Pond Dam. City officials declared a state of emergency as seven homes and two businesses near the dam were voluntarily evacuated. About half of the area homeowners decided to leave Thursday night. City leaders said they have been concerned about the dam for years, and Freetown’s Emergency Management Director said if the dam failed, it could set off a chain reaction. “This is one of three dams in a row, so if this one goes, it releases all that water. A tremendous force, which puts a severe strain on the second dam, which could possibly fail as well, which in turn will then go down to the Elm St. Bridge, which has had weight reductions because of problems with that bridge, which now puts all this water into Stony Village,” the Freetown Emergency Management director said. River flooding was also a big concern on Friday. Water from the Shawsheen River began flowing onto a roadway in Billerica on Thursday night, rushing over Whipple Road and Brown Street. As of Friday morning, the river was upgraded from minor flood stage to moderate flood stage. Crews planned to be back out at the Old Forge Pond Dam on Friday morning to check for any weak spots during the daylight. Source: http://www1.whdh.com/news/articles/local/BO136503/


Details

Banking and Finance Sector

14. February 26, The Register – (International) Latvian hacker tweets hard on banking whistle. A hacker has become a popular hero in the Baltics, and scourge to the authorities, by leaking information on the finances of banks and state-run firms to Latvian TV. The whistle-blowing hacker, who calls himself Neo, is feeding embarrassing information such as the pay of managers who work for a Latvian bank that received a credit crunch bail-out to the media via Twitter. The information reportedly came from tax documents filed with Latvian authorities by 1,000 firms and hacked into by the whistleblower, who may in fact be from Britain, and his confederates over the course of three months, the BBC reports. Source: http://www.theregister.co.uk/2010/02/26/latvian_hacker_whistleblower/


15. February 26, USA Today – (New York) Madoff Securities ex-operations chief charged in scam. The former operations director for a Ponzi scheme architect’s investment business was granted $5 million bail on February 25 after he was charged with cooking the company books to help hide the multibillion-dollar scam that victimized thousands of investors worldwide. The 63 year old suspect was released after a preliminary court appearance at which a U.S. Magistrate Judge ordered the bail secured by $2 million in assets. The judge set a March 29 hearing for the suspect, who was arrested by the FBI early on February 2 at his Manhattan home. Along with conspiracy, the suspect is charged with securities fraud, falsifying books and records, making false filings to the Securities and Exchange Commission and filing false tax returns. From 1997 until the scam collapsed in 2008, more than $750 million in investor funds were funneled to support the market-making and proprietary trading business, the criminal complaint charged. But false ledger entries allegedly made by the suspect hid the true source of the funds. Prosecutors also charged that the suspect helped the Ponzi schemer weather a 2005-06 liquidity crisis caused by clients seeking withdrawals. He allegedly got $145 million in loans by using $154 million in bonds from a client as collateral. Source: http://www.usatoday.com/money/industries/brokerage/2010-02-25-madoff-exec-arrested_N.htm


16. February 25, WEAU 13 Eau Claire – (Wisconsin) Russian cyber-hackers blamed for theft attempt. Eau Claire County says a worker in the treasurer’s office and a local bank prevented computer hackers from stealing almost $800,000. Eau Claire County says the incident happened in late January, and that it has since revised its rules for transferring money electronically. Alliance Bank protected the county against what it says could have been a six-figure loss. It called the county treasurer’s office about some suspicious wire transfers. The staff there told the bank it only requested one transfer, and it called off the others. Now it says the FBI thinks Russian cyber-hackers are to blame. A county board member says the FBI took a computer that the county used for wire transfers. Those transactions were suspended. The county later restored them under its new rules. Source: http://www.weau.com/news/headlines/85432692.html


17. February 25, Associated Press – (Connecticut) Feds: Ny exec stole $12 million from Webster bank. The president of an ATM management company has been charged with defrauding Connecticut-based Webster Bank out of $12 million. Federal prosecutors in New York City say the 64-year-old suspect of Bedford Corners, New York, president of Mount Vernon Money Centers, was charged February 8 with conspiracy to commit bank fraud. He is free on a $10 million bond. Prosecutors say the suspect’s company, based in Mount Vernon, New York, had a deal to restock about 160 of Webster’s nearly 500 automatic teller machines. Authorities say the suspect’s company put in new “canisters” of money and kept money left in the old ones. Source: http://www2.wjtv.com/jtv/ap_exchange/business/article/FedsNyExecStole12MillionFromWebsterBankCt/106766/


Information Technology


45. February 25, The Register – (International) Scareware scams ride the back of killer whale tragedy. Supposed footage of the February 24 fatal Sea World killer whale attack in Florida actually points at sites distributing scareware. The 40 year old trainer at Sea World in Orlando lost her life on February 24 after a killer whale attack. Miscreants have wasted no time is exploiting the tragedy, as so many before it, by setting up malware traps designed to ensnare the unwary. Black hat search engine trickery is once again being used to drive traffic to these sites, by planting links to malware portals in Google results for searches terms related to the tragedy, such as “killer whale video pictures”. Users who follow poisoned links will be warned of supposed security risks on their PCs in an effort to persuade them to try and then buy fake anti-virus software of little or no utility, as explained in a blog posting by Sophos. In related news, Twitter profiles compromised by a run of phishing attacks earlier this week have begun pushing out links to fake anti-virus portals. Because of this malign activity, users of Twitter search need to be especially careful, warns a Sunbelt Software security researcher. Source: http://www.theregister.co.uk/2010/02/25/killer_whale_scareware/


46. February 25, SCMagazine – (International) IBM report: Vulnerabilities fell in ‘09, attacks rose. The 2009 cybersecurity landscape had its peaks and its valleys – the number of new and unpatched vulnerabilities decreased compared to 2008, but attack volume grew substantially, according to a research report from IBM ISS released on February 26. There were 6,601 new vulnerabilities discovered last year, an 11 percent decrease compared to 2008, according to the annual “X-Force Trend and Risk Report.” In addition, the number of vulnerabilities in web browsers and document readers with no patch also decreased last year compared to 2008. And, the number of unpatched “critical” vulnerabilities is significantly lower than years past, indicating that software vendors have become more responsive when dealing with security issues, the report stated. “The computer industry is getting better at building secure software and being responsive to vulnerabilities,” the manager of IBM X-Force Research, told SCMagazineUS.com on February 25. “But the volume of attack activity is expanding at a very rapid pace.” For example, the number of new malicious websites increased by 345 percent in 2009 compared to 2008, according to the report. Spam and phishing volumes also rose dramatically during the second half of the year. Source: http://www.scmagazineus.com/ibm-report-vulnerabilities-fell-in-09-attacks-rose/article/164547/


47. February 24, DarkReading – (International) Attackers improving their aim against top brands, study says. Online criminals are becoming increasingly successful in circumventing enterprise defenses and executing targeted attacks on leading Web brands, according to a study released on February 24. Phishing remains one of the Web’s most popular attack methods, according to Cyveillance’s 2H 2009 Cyber Intelligence Report. While some research indicates the volume of phishing email has been decreasing, the bad guys are successfully targeting more varied industries and hitting bigger brands in order to gain better financial results, Cyveillance says. “While banks and credit unions continue to be the top targets of phishers, governments and the technology and energy industries are now seeing growing numbers of attacks,” the company says. Cyveillance determined that during the second half of 2009, 399 brands were first-time targets of phishing attacks, nearly double the amount of first-time targets than in the first half of the year. Averaging more than 36,000 confirmed, unique attacks per month in the same period of 2009, phishing attacks continue to succeed, the report says. In a test of 14 of the top antivirus vendor offerings, less than half of malware was detected, leaving users susceptible to infection, Cyveillance says. Even after seven days to adjust to a new malware threat, AV software averages achieved only a 50 percent detection rate. Source: http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=223100622


For another story, see item 51 below in the Communications Sector


Communications Sector

48. February 26, WKTV 2 Utica – (New York) WKTV off air due to power failure. WKTV has been off the air for several hours due to a weather-related power failure in Middleville where the WKTV transmitter is located. National Grid estimates that power should be restored in that area by the afternoon of February 26. Viewers can still watch WKTV on Time Warner Cable. Keep checking WKTV.COM for the latest closings and cancellations, as well as news and weather. Source: http://www.wktv.com/news/local/85490777.html


49. February 25, IDG News Service – (National) FCC to ask Congress for $18B for public safety network. The U.S. Federal Communications Commission will ask Congress for $16 billion to $18 billion to pay for building and maintaining a nationwide mobile broadband network for emergency response agencies, including police and fire departments. The FCC will also recommend, in a national broadband plan due to be released next month, that mobile carriers that paid billions of dollars for spectrum in the 700MHz band be required to share their spectrum with public safety agencies, the agency chairman said on February 25. A grant program of up to $18 billion over 10 years is needed to get a nationwide, interoperable public safety network built, the chairman said in a press briefing. Public safety officials and U.S. lawmakers have been calling for a nationwide mobile broadband network since the September 11 terrorist attacks on the U.S., during which the multiple public safety agencies responding to the attacks couldn’t talk to each other. Asked if Congress might balk at spending $16 billion or more on a public safety network, the chairman said the network is necessary. Source: http://www.computerworld.com/s/article/9162541/FCC_to_ask_Congress_for_18B_for_public_safety_network



50. February 25, KOB 4 Albuquerque – (New Mexico) Antenna falls on Sandia Crest, knocks out power to stations. A TV tower’s antenna belonging to a local Christian TV station toppled over on February 24, knocking down power lines on Sandia Crest for two TV stations and several radio stations. Another brief signal outage occurred early on February 25. It lasted about 25 minutes and power was restored by 9:15. KOB-TV experienced a signal outage from 6 p.m. to 9 p.m. and planned to air Olympic highlights of missed events in the 10:30 p.m. newscast. KOB-TV was one of two television stations which, along with several radio stations, were knocked off the air when KNAT channel 23’s antenna fell. DirecTV and Dish Network were also affected. Source: http://www.kob.com/article/stories/S1434464.shtml?cat=516


51. February 25, IDG News Services – (National) Guilty plea for hacker who took Comcast off Web. A member of a telephone hacking group known as Kryogeniks has pleaded guilty to taking Comcast’s Web site offline in May 2008. The suspect pleaded guilty on February 24 to one count of conspiracy to intentionally damage a protected computer system, according to the U.S. Department of Justice. That charge could lead to a five-year prison sentence and a $250,000 fine. The suspect, who used the hacker name EBK, is one of three men charged with a hacking incident that disrupted Comcast’s Web page for two days. He was charged in November, along with two alleged co-conspirators. All of the men were part of a “phone phreaking group called ‘Kryogeniks,’” according to one of the suspect’s plea memorandum. Source: http://www.computerworld.com/s/article/9162539/Guilty_plea_for_hacker_who_took_Comcast_off_Web