Monday, November 7, 2011

Complete DHS Daily Report for November 7, 2011

Daily Report

Top Stories

• Detroit’s mayor announced November 4 a plan for an increased police presence on city buses, after drivers refused to cover their routes for many hours in the wake of a physical assault on a driver. – Detroit News and Associated Press (See item 15)

15. November 4, Detroit News and Associated Press – (Michigan) Buses running again as Bing vows to up security, stop ‘hooligans’. Detroit’s mayor announced November 4 a plan for an increased police presence on Detroit Department of Transportation (DDOT) buses, a day after a driver was allegedly assaulted by a passenger at the Rosa Parks Transit Center, prompting bus drivers to halt city service until about 1:30 p.m. As of 2:30 p.m. buses had returned to service. About 100 DDOT bus drivers refused to cover their routes because they were upset over a physical assault on one of their own that occurred at the transit center November 3 in downtown Detroit. The work shutdown started early November 4, stranding surprised residents. Drivers were told by union officials that changes to DDOT include improved security measures on bus routes, including random pullovers of buses in identified trouble spots, a $1,000 Crime Stoppers reward for information that would lead to an arrest of anyone responsible for the assault of the DDOT bus driver, increased patrols at the center, and monthly meetings to address drivers’ safety concerns. Source:âÂ.Â.hooligansâÂ.Â.

• Public health authorities estimate 2,000 people in Utah may have been infected with Salmonella since 2009 by eating soft cheese made from raw milk by an unauthorized food producer. – Food Safety News (See item 20)

20. November 4, Food Safety News – (Utah) Utah tracks raw milk Salmonella to ‘Mr. Cheese’. Public health authorities estimate 2,000 people in Utah may have been infected with Salmonella since 2009 by eating soft cheese made from raw milk by an unauthorized food producer, the Salt Lake Tribune and Deseret News reported November 3. According to the news reports, the queso fresco was homemade by a man called “Mr. Cheese,” who supplied it to Salt Lake City delis or restaurants. An investigation was launched in 2009 after people began to get sick with Salmonella Newport. Since then, health department officials confirmed about 70 cases of Salmonella Newport linked to raw milk cheese, but believe as many as 2,000 Utahns in 6 counties may actually have been affected, the director of Salt Lake Valley Health Department’s Environmental Health Division told Deseret News. After samples of queso fresco collected at a restaurant were tested and resulted in a positive DNA match with the outbreak strain, the owner identified his source from a photo lineup, and called him “Mr. Cheese.” Investigators from the Utah Department of Agriculture and Food found the man’s cheese-making operation at his Salt Lake City home, and learned the unpasteurized milk he was using came from a dairy located outside of Heber. Raw milk sales are allowed in Utah, but only from the farm directly to consumers. Dairies must also have a permit or license to sell raw milk, and the Heber dairy had neither. Source:


Banking and Finance Sector

11. November 4, CBS News – (Illinois) Suspect arrested for robbing same bank 4 times. A 57-year-old man has been charged with robbing a Chicago bank in September and is suspected of robbing the same bank at least three other times since August. The suspect was arrested by the FBI the week of October 24 and charged with the September 30 robbery of the Chicago Community Bank branch at 52 E. Lake Street. According to the criminal complaint, he entered the bank around 9:30 a.m. September 30, handed the teller a note stating he had a gun and a bomb, and demanded money. The teller handed over $631 in cash and the suspect fled on foot. Authorities recovered the demand note he left behind and the FBI lifted a fingerprint from the note, matching it to the suspect. Although he has only been charged in the September 30 robbery, the FBI suspects him of robbing the same bank branch August 12, September 16, and October 12. Source:

12. November 3, New York Times – (New York) Protesters arrested outside Goldman Sachs building. Police officers arrested more than a dozen protesters from the Occupy Wall Street movement November 3 after large group of the demonstrators marched to the headquarters of Goldman Sachs in Manhattan, New York. Police said 16 protesters were arrested shortly before 1 p.m., including nine men and seven women. All but one of the protesters faced charges of disorderly conduct and resisting arrest. One protester was charged with disorderly conduct. Police said the protesters apparently held a mock trial of Goldman Sachs at their encampment in Zuccotti Park before setting out for the building to deliver their verdict. When they got to the building, several crowded in front of it. “They were asked to move numerous times, and failed to do so,” a police spokesman said. “Consequently, arrests had to be made.” No protester entered the building, police said. A Goldman Sachs security manager said the event included about 100 protesters who walked west on Murray Street and crossed the West Side Highway to 200 West Street, the Goldman Sachs building, and began demonstrating. The manager said about a dozen in the group simply sat down on a wide sidewalk in front of the main entrance. Source:

13. November 2, Indianapolis Star – (Indiana) Indy man, 33, held in 4 bank robberies, 1 attempt. A 33-year-old man was arrested on charges of robbing four banks and the attempted robbery of another bank in Indianapolis, the U.S. attorney’s office announced November 2. The suspect was charged in the wake of an investigation by the FBI’s Safe Streets Gang Task Force, a U.S. attorney said in a news release. The robberies occurred July 6 at Huntington Bank, 6965 W. 38th Street; July 21 at Chase Bank, 1 E. Ohio Street; July 25, Old National Bank, 5173 W. Washington Street; and September 29 at Huntington Bank, 201 N. Illinois Street The attempted robbery occurred August 8 at Old National Bank, 35 N. Lynhurst Avenue. Federal authorities allege that in the first three robberies the suspect handed tellers a note threatening the use of a bomb if money was not provided. A similar method was used in the August 8 robbery, but authorities allege the suspect fled the scene before receiving any money. During the September 29 robbery, he allegedly threatened bank employees by lifting up his shirt and pointing to what he claimed was a gun, according to the news release. Source:|topnews|text|

Information Technology Sector

35. November 4, IDG News Service – (International) Microsoft issues workaround for Duqu attack while it prepares a patch. Microsoft published code to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software still being closely analyzed by security researchers. Microsoft is working on a patch for the vulnerability in the Win32k TrueType font-parsing engine, a component of various Windows operating systems. An attacker could exploit it to load malicious code on a computer in kernel mode. The exploit can be delivered by a malicious Microsoft Word document, researchers found. The document could be sent to a target via an e-mail attachment; opening the document would launch the attack. Researchers from the Laboratory of Cryptography and System Security in Hungary located an installer file for Duqu and discovered it used the previously unknown Windows vulnerability. Microsoft’s workarounds involve a few lines of code that run at an administrative command prompt. Microsoft warned installing the workarounds may mean some applications that rely on embedded font technology may not display properly. The workarounds apply to Microsoft’s XP, Vista and 7 operating systems, as well as to various Windows Server products. The company has also published a quick fix that can be downloaded and applied. Source:

36. November 3, IDG News Service – (International) Simulated cyberattack unites EU and U.S. security experts. Almost 100 computer experts from 16 European countries jointly battled to hold off cyberattacks on the European Union’s security agencies and power plants as part of a simulated exercise November 3. The event, Cyber Atlantic 2011, was the first joint cybersecurity exercise between the European Union (EU) and the United States. Two scenarios were acted out. The first was a targeted, stealth advanced persistent threat attack aimed at extracting and publishing online secret information from EU member states’ cybersecurity agencies. Security experts at Europe’s network and information security agency said this type of attack was possible in a real-world situation. The second simulation focused on the disruption of supervisory control and data acquisition systems in power generation infrastructures. This threat is being taken very seriously by EU authorities, particularly in light of allegations the Anonymous hacker group has attempted to infiltrate French power plants, and the widespread Stuxnet attack on Iran’s nuclear facilities. More than 20 EU countries were involved in the exercise, with the European Commission providing high-level direction, and DHS lending support. The aim was to explore how the EU and the United States would engage each other and cooperate in the event of cyberattacks on critical information infrastructures, and follows the first pan-European cybersecurity stress test. Lessons learned from Cyber Atlantic 2011 will be used to plan potential future joint EU-U.S. cyberexercises. Source:

37. November 3, Computerworld – (International) Microsoft to patch critical Windows 7 bug in ‘upside down’ update next week. Microsoft November 3 said it will issue four security updates the week of November 7 to patch four vulnerabilities in Windows. The critical vulnerability affects only Windows Vista, Windows 7, Server 2008, and Server 2008 R2, said Microsoft in its monthly advanced warning of Patch Tuesday’s roster. Other than the one critical update, the collection also includes two pegged “important,” and one labeled “moderate.” Two of the updates — the critical and one of those marked important — will patch vulnerabilities attackers could exploit to execute malicious code and potentially commandeer the computer. While the Windows XP will not require the sole critical update, it will be patched by one of the important vulnerabilities. Windows 7 users, however, will receive all four updates — including the critical patch — and Vista owners will see three. Source:

For another story, see item 38 below in the Communications Sector

Communications Sector

38. November 4, WWLP 22 Springfield – (National) Many have power, but no cable. In Massachusetts, the October snowstorm did not only damage power lines, it damaged cable lines as well, and many people are dealing with not having television or Internet access. A Charter Communications spokeswoman told WWLP 22 Springfield that 10,000 cable lines were damaged in the storm, and they had repaired about 2,000 of them by the morning of November 4 using crews brought in from Atlanta. Their issue is that in order to get cable systems online, they first have to wait for the area to be safe, and in certain areas, power must be restored 100 percent for cable and Internet services to come back. It is not just repairing lines, either. Some lines have to be completely replaced. Source:,-but-no-cable