Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, July 7, 2010


Top Stories

• The Associated Press reports that a tour boat headed on a whale watch with 174 people on board was evacuated July 3 after it ran aground on a rocky ledge in Boston Harbor and began taking on water. The Coast Guard said two people suffered injuries. (See item 18)

18. July 6, Associated Press – (Massachusetts) Ship in Boston Harbor runs aground, is evacuated. A tour boat headed on a whale watch with 174 people on board was evacuated Saturday after it ran aground on a rocky ledge in Boston Harbor and began taking on water. No one was seriously hurt in the accident, which was reported at about 10 a.m. off Deer Island. The Coast Guard said two people suffered back and knee injuries. Authorities said a combination of Coast Guard vessels, local emergency vessels and nearby fishing boats helped evacuate the 87-foot vessel Massachusetts, and by early afternoon, everyone was safely off the boat. The boat’s operators reported that they collided with rocks at Devil’s Back Ledge while traveling at about 18 knots. The boat was listing heavily toward its bow Saturday afternoon and its back end had lifted out of the water. Source:

• In a report released July 1, the U.S. Government Accountability Office said the Administration should pursue a national plan to develop a monitoring system for bioterrorism incidents and other disease threats. (See item 37)

37. July 2, Global Security Newswire – (National) U.S. lacks unified biothreat detection framework, auditors find. The U.S. Administration should pursue a national plan to develop a monitoring system for bioterrorism incidents and other disease threats, the U.S. Government Accountability Office said in a report released July 1. The United States lacks an overarching strategy for developing a “national biosurveillance capability,” says the report, which examines federal biological threat detection initiatives, policies and tactics, as well as official testimony from 12 federal departments overseeing the programs. “Efforts to develop a national biosurveillance capability could benefit from a national biosurveillance strategy that guides federal agencies and other stakeholders to systematically identify risks, resources needed to address those risks and investment priorities,” congressional auditors stated. Source:


Banking and Finance Sector

12. July 6, Bank Info Security – (National) Bank Failures: 2010 Pace Exceeds 2009. Although there were no bank failures to report on the Fourth of July, midway through 2010, there have been more than twice the number of failed banks and credit unions as was seen at this same point in 2009. There have been 96 failures — 86 banks and 10 credit unions — so far in 2010. At the end of June 2009, there were 45 failures en route to a total of 171 failed institutions for the year. With institutions continuing to feel the effects of the 2008 economic meltdown, experts say we may well see significantly more bank failures before year’s end. Of the 86 banks to fail so far in 2010, the largest is Westernbank Puerto Rico, which closed in April and had approximately $11.94 billion in total assets. Of 10 credit unions to be closed, acquired or placed into conservatorship, the largest is Arrowhead Central Credit Union of San Bernardino, California. This full service credit union was placed into conservatorship in June, with assets of $876 million. Florida leads the nation with 14 failures. Next on the list are: 12 failures in Illinois, nine in Georgia and California, seven in Washington State, and six in Minnesota. Meanwhile, with slightly fewer than 800 financial institutions now on the Federal Deposit Insurance Corporation’s “troubled banks” list — up from 90 in 2008 — the likelihood of further bank closings is very real. Source:

13. July 2, CNN – (California) FBI says ‘Golden Years Bandit’ is California bank robbery suspect. A man authorities call the “Golden Years Bandit” has struck again, the FBI said July 2. Investigators are searching for a grey-haired man in his 50s or 60s who held up a bank in San Gabriel, California, June 26. The suspect alluded to having a partner and a gun, ordered the teller “not to say a word” and demanded cash in $100, $50 and $20 denominations. How much the man stole remains undetermined. The FBI said authorities believe the mustache-wearing man used the same technique in two previous California bank robberies, one in January in Alhambra and one in Rosemead in March. Source:

14. July 2, Bank Info Security – (National) FDIC targeted by phishers - again. On July 2, the Federal Deposit Insurance Corporation (FDIC) warned consumers and financial institutions that bogus emails claiming to be from the FDIC are arriving in inboxes. This is the fourth time within a year that the federal banking regulator has issued alerts about phishing emails using its brand. The FDIC says subject lines of the e-mails state: “you need to check your Bank Deposit Insurance Coverage” or “FDIC has officially named your bank a failed bank.” The email states: “You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.” The email then directs recipients to click on a link stating “You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage.” If individuals click on the link, they are sent to a non-FDIC webpage. One email link has a .eu destination, which means the web server is located somewhere in the European Union. The e-mails and associated web site are fraudulent. Anyone getting these emails should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers, says the FDIC. Source:

Information Technology

41. July 5, IDG News Service – (International) Google confirms attack on YouTube. Malicious hackers attacked Google’s YouTube July 4, exploiting a cross-site scripting (XSS) vulnerability on the ultra-popular video sharing site, hitting primarily sections where users post comments. The attack potentially put at risk YouTube cookies of users who visited a compromised page, but it could not be used to access their Google account. The attackers apparently targeted a teen singing sensation, incorporating code into YouTube pages devoted to him so that visitors saw tasteless messages pop up about the teen star, and were also redirected to external sites with adult content. An industry source familiar with the situation said that while the attack itself didn’t involve malware infections, such a risk is inherent whenever users visit any Web page, such as the ones attackers redirected users to. It is not clear if those landing pages contained malware, but most up-to-date anti-virus software is designed to protect against those threats. Source:

42. July 5, Krebs on Security – (International) Microsoft warns of uptick in attacks on unpatched Windows flaw. Microsoft is warning that hackers have ramped up attacks against an unpatched, critical security hole in computers powered by Windows XP and Server 2003 operating systems. The software giant says it is working on an official patch to fix the flaw, but in the meantime it is urging users to apply an interim workaround to disable the vulnerable component. Users of Windows XP or Server 2003 should consider running Microsoft’s stopgap “FixIt” tool to disable the vulnerable Help Center component. Source:

43. July 2, The H Security – (International) Windows exploit protection mostly unused. According to an analysis by security firm Secunia, very few applications use the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) features of Windows which can render attacks on vulnerabilities ineffective. In total, the company looked at 16 popular applications such as browsers, media players and office applications. DEP prevents attackers from executing the code they have injected into the stack or heap via a buffer overflow – it cannot prevent the overflow itself. However, attackers don’t necessarily execute their own code there and then. They often use a manipulated return address to jump to a code segment that has already been loaded by the application. Attackers usually try to jump to specific C library functions (return-into-libc attack). Source:

Communications Sector

44. July 2, Inside Tucson Business – (Arizona) Massive outage cuts off communications for days. Hundreds of Tucson, Arizona businesses and residential customers were without communication lines for days and, in some cases, more than a week, after telecommunications conduits were ripped up June 24 by American Traffic Solutions, a subcontractor hired to install red-light photo enforcement cameras at the intersection. Some businesses faced outages with phones and Internet. A public relations specialist with American Traffic Solutions said a Blue Stake request was called in but the Qwest lines weren’t marked. A Blue Stake request is recommended before digging so excavators know where lines for power, gas, telecommunications and other conduits run beneath the surface. The Target store, which posted a sign from June 25 through June 27 saying it couldn’t process credit card payments, brought in a back-up satellite system to begin processing card payments. The senior general manager in Tucson for mall owner General Growth Properties said all systems were to be back online as of June 30. Source:

45. July 2, Baltimore Examiner – (International) Twitter site goes down, comes up, and goes down again. The Twitter web site went down about 12:20 p.m. on July 2, 2010. Visitors were met with the web site’s usual “Twitter is over capacity” message. According to their Twitter Status page, they are “Investigating Elevated Error Rates.” This is based on reports they have received from users. It is not usual for the very popular web site to go down. But normally the site is only down for a few minutes, or in localized areas. At this point it seems to be an extended outage. In addition to the web site itself, it seems other means of accessing the Twitter service have also shut down. These include Smart Phone Apps and text messaging. By 2 p.m., Twitter was up and working again. Users were very upset over the outage, which may have been caused by a massive increase in tweets because of the World Cup match between the Netherlands and Brazil. Due to the massive volume of World Cup tweets, Twitter created a special web site to handle and display the live tweets from around the world. Source:

46. July 2, KGBT 4 Harlingen – (International) Cell phone service disrupted on Mexican side of the border. An exact cause of large-scale cell phone disruptions was not clear, but Hurricane Alex is being blamed for leaving thousands of people without cell phone service on the Mexican side of the U.S. border. Cell phone service for Nextel service went down in Reynosa, Matamoros and Ciudad Victoria early June 2, and there were also reports that cell phone service for Movistar and Telcel users also went down. Telcel reported that it was able to restore service by 10 a.m. Nextel officials couldn’t immediately be reached for comment, but some viewers from Matamoors reported their service was restored mid-morning. Reynosa city officials sent out a message at 11:26 a.m., reporting that the Nextel service went down due to damages to a retransmission antenna in Monterrey. Source: