Homeland Security

Daily Open Source Infrastructure Report for 27 August 2009

Current Nationwide Threat Level: ELEVATED (Significant Risk of Terrorist Attacks)

For information: http://www.dhs.gov

Top Stories

PC World reports that the Air Line Pilots Association is calling on the U.S. government to temporarily ban cargo shipments of lithium batteries, saying they represent a serious safety hazard. (See item 14)

According to Softpedia, researchers at Web security company ScanSafe advise that a new mass compromise attack is underway and has affected over 62,000 URLs to date. A rogue IFrame injected into the compromised Web pages loads a cocktail of exploits and malware from other domains. (See item 40)

Energy Sector

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED

Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES-ISAC), http://www.esisac.com]

1. August 26, Fort Collins Coloradoan - (Colorado) Tanker spills asphalt into Poudre River. A tanker carrying 24 tons of hot asphalt spilled the morning of August 25 into the Poudre River, forcing authorities to close a portion of Colorado Highway 14. The tanker was westbound near milepost 114 when it lost control and ran off the road into the Poudre River, a Colorado State Patrol spokesman said. The load of liquid asphalt became a gel when it hit the cold water, he said. The driver suffered minor injuries and was taken to Poudre Valley Hospital. A state patrol hazardous materials crew spent hours arranging for special equipment to be brought to the scene and cleaning up the spill. An estimated 500 gallons of asphalt went into the river. The tanker reportedly carried about 5,700 gallons. At least a dozen agencies responded to the crash scene because of the potential consequences of the spill, said a water resources, treatment, and operations manager with Fort Collins Utilities. The spill occurred about two miles upstream of the intake for a pipeline that carries Poudre water to the city water treatment facility. City officials were notified of the crash within minutes and began the process of shutting down the intake, he said. The city will draw from Horsetooth Reservoir for its water supply until the river is deemed usable, he said.
Source: http://www.coloradoan.com/article/20090826/NEWS01/908260335/Tankerspills-asphalt-into-Poudre-River

2. August 25, WPBF 25 West Palm Beach - (Florida) Employees fired after reporting security breach. When two Lake Worth Utilities employees, with 60 years of power grid experience between them, noticed an unauthorized computer plugged into the power system's mainframe on two separate occasions, they knew they had a problem. "If you turn it off, then somebody can come in and do all kinds of things to the electric system," said one man, "as bad as you can turn off the complete power grid to the state of Florida." Worried, they took their concerns to everyone they could think of. Last month, they appeared before the city commission. They said they eventually gave interviews to the FBI and Department of Homeland Security. Then they were fired. The city manager said she would answer questions about the employees. But she has not done so yet. A news release issued by her office last month read: "After previous allegations had been received and following an investigation in June this year, it was determined that no security breach (a security breach being an external act that bypasses or contravenes security policies, practices or procedure) had occurred to the Lake Worth Utilities system at any time." "I have to stand up for my own integrity," said one of the men, as he explained why he is still talking about what happened. He and the other man said they have nothing to gain by coming forward -- except the satisfaction that they took a stand for what they believe in.
Source: http://www.wpbf.com/mostpopular/20552910/detail.html

Chemical Industry Sector

Nothing to report

Nuclear Reactors, Materials and Waste Sector

3. August 26, Reuters - (Kansas) Kansas Wolf Creek reactor up to 92 pct power. Wolf Creek Nuclear Operating Corp's 1,166-megawatt Wolf Creek 1 reactor in Kansas was at 92 percent power early Wednesday, up from 48 percent of capacity early Tuesday, the U.S. Nuclear Regulatory Commission said in a power reactor status report. The unit, in Burlington, about 70 miles south of Topeka, the state capital, has been ramping up from a recent outage.
Source: http://www.reuters.com/article/rbssIndustryMaterialsUtilitiesNews/idUSN2630294020090826

4. August 26, Reuters - (Florida) Progress Crystal River Fla reactor at 17 pct power. Progress Energy Inc's (PGN.N) 838-megawatt Crystal River 3 nuclear power unit in Florida was at 17 percent power early Wednesday as it began to exit a recent outage, the U.S. Nuclear Regulatory Commission said in its power reactor status report. The unit, in Red Level, Florida, about 85 miles north of Tampa, was manually tripped on Monday after a control rod was inserted into the core, a company spokeswoman said previously.
Source: http://www.reuters.com/article/rbssIndustryMaterialsUtilitiesNews/idUSN2625056920090826

5. August 26, Reuters - (New Jersey) Exelon NJ Oyster Creek reactor down to 78 pct power. Exelon Corp's (EXC.N) 619-megawatt Oyster Creek nuclear power station in New Jersey was at 78 percent power early Wednesday, down from full power on Tuesday, the U.S. Nuclear Regulatory Commission said in its power reactor status report. It was not immediately known why the unit, in Forked River, New Jersey, about 60 miles east of Philadelphia, was reduced.
Source: http://www.reuters.com/article/rbssIndustryMaterialsUtilitiesNews/idUSN2625349120090826

6. August 26, Port Clinton News Herald - (Ohio) 'Terrorists' near nuclear power plant were costumed racers. The reports cited men in masks, a death squad van and other suspicious sights around the Davis Besse Nuclear Power Plant. Authorities fielded a flurry of calls Saturday from concerned residents who saw men in ski masks, Ghostbusters, ballerinas, ninjas and Little Red Riding Hood costumes. The calls initiated numerous traffic stops over three hours as the Ottawa County Sheriff's Office, the Port Clinton Police Department's Harbor Patrol, Carroll Township and Oak Harbor Police and the U.S. Border Patrol responded to the calls. What callers saw was one of the last stages of Rental Car Rally 2009, a road race that started in New York City and passed through an abandoned coal mining town, a civil war cemetery, Ringing Rocks Park in Pennsylvania and Safari Adventures at Kalahari Resort before ending at a casino in Detroit. A U.S. Border Patrol public affairs officer said he is glad people contacted authorities immediately. "Our primary mission is to prevent terrorism," he said, "so anytime someone sees something, they should call." A FirstEnergy spokesman said plant authorities were in contact with federal, state and local officials Saturday afternoon. "Security force members focused on protecting the plant," the spokesman said. "At the point we were notified," he said, "we took precautionary procedures."
Source: http://www.portclintonnewsherald.com/article/20090826/NEWS01/90825016

7. August 25, New York Times - (National) Nuclear regulators urge high-tech fire detection. Many of the hundreds of workers at the Shearon Harris nuclear plant in New Hill, N.C., are busy with high-tech tasks like calibrating equipment, monitoring radiation fields or controlling the reactor. But around the clock, there are three on duty who might have come out of another century. They sniff for smoke. Pacing miles each day, up and down stairs and through vast halls and narrow passages, they visit crucial locations at least once an hour to make sure fire has not broken out. Yet Shearon Harris wants to eliminate jobs like these procedures, and so does the Nuclear Regulatory Commission. Instead, the commission is urging nuclear plants to embrace a more systematic approach to assessing fire risk, one that relies on a computer program. Using the new method, Shearon Harris is assessing every nook and cranny of its plant, across hundreds of miles of electrical cables and scores of pumps and motor-driven valves. The commission is promoting the approach as a replacement for its own "cookbook" rules, which set strict procedures without allowing room for analysis, said the commission's associate director of engineering and safety systems.
Source: http://www.nytimes.com/2009/08/26/science/earth/26nuke.html?_r=1&em

Critical Manufacturing Sector

8. August 26, Reliable Plant Magazine - (Connecticut) Firearms manufacturer fined for guarding, LOTO hazards. Widespread machine guarding and lockout/tagout hazards at a North Haven, Connecticut, manufacturer of small firearms have resulted in $42,850 in proposed fines from the U.S. Department of Labor's Occupational Safety and Health Administration (OSHA). The Marlin Firearms Co. has been cited for a total of 24 alleged serious and other-than-serious violations of workplace safety standards following a comprehensive OSHA inspection that began March 3 at the company's plant on Kenna Drive. OSHA's inspection identified dozens of instances throughout the plant where workers were exposed to possible lacerations, amputation and crushing injuries from unguarded moving parts of mechanical power presses and other machinery as well as a lack of specific procedures to prevent the accidental startup of numerous machines during set-up, maintenance and repair. The inspection also found electrical, fall, and compressed air hazards as well as improperly recorded injuries and illnesses. "Workers can lose their fingers, limbs, or lives in a few seconds if a machine starts up unexpectedly or its moving parts are not guarded against contact," said OSHA's area director in Bridgeport. "There is no reason for those injuries to occur if the employer ensures the proper safeguards are effectively and continuously in place and in use."
Source: http://www.reliableplant.com/article.aspx?articleid=19647&pagetitle=Firearms+manufacturer+fined+for+guarding,+LOTO+hazards

9. August 25, Associated Press - (National) Maytag recalls more refrigerators. Maytag said on August 25 it is recalling about 46,000 refrigerators under the Maytag, Magic Chef, Performa by Maytag and Crosley brand names, due to a fire hazard. Because of an electrical failure in the device that turns on the compressor, the company said there is a chance of overheating that can lead to fire. About 1.6 million similar refrigerators were recalled in March. Maytag, which is now part of Whirlpool Corp., said it has received 23 more reports of refrigerators catching fire. Of those, there were four reports of property or smoke damage. The refrigerators in question are side-by-side and top freezer refrigerators made in black, bisque, white, and stainless steel. They cost between $350 and $1,600 and were sold from September 2000 to May 2004. Refrigerators with freezers on the bottom are not included in the recall.
Source: http://www.google.com/hostednews/ap/article/ALeqM5hMhZ5JlRi9x_AnGDhoVMhTEleqPgD9A9V8305

Defense Industrial Base Sector

10. August 25, Aviation Week - (International) CSeries fuselage ready for testing. Bombardier has taken delivery of its first CSeries fuselage test barrel from Chinese supplier Shenyang Aircraft Corp. (SAC) and next month expects to start a two-year trial. The 23-foot-long (7 meters) aluminum alloy test barrel will be used by the Canadian airframer for risk elimination trials, an internal study the manufacturer said will help it meet its delivery schedule. Similar trials are scheduled for early next year at Bombardier's Northern Ireland unit for the CSeries' wing unit, while a spring date has been set to start empennage testing in Montreal, said the company's VP-Commercial Aircraft. "Each trial will run three life cycles, or 180,000 cycles of fatigue testing," said the VP. The fuselage barrel will be pressurized for its three-life-cycle test before undergoing a round of residual testing. It will then be dismantled for detailed examination. "This is a full-size piece of fuselage, with the same diameter [12 ft.] as the real aircraft. The only difference is this section is 10 seats long," he said. Bombardier will have to simulate about 1,000 flights each day, 24 hours a day over the two-year trial period to meet its three-life-cycle goal. Separate trials will be required for certification. The test fuselage was built by SAC, a division of China Aviation Industry, and shipped from Dalian, in northeast China, to California on July 20. It was then delivered to Bombardier's facility in St. Laurent, Quebec. SAC is also contracted to build the CSeries' forward, mid- and aft fuselage sections. "The test barrel for the CSeries aircraft arrived on schedule, and meets the quality standards equivalent to a final production unit. This achievement underscores the strength of our partnership with Shenyang Aircraft Corporation and China Aviation Industry," said Bombardier's VP-Integrated Product Development Team for the CSeries Aircraft Program.
Source: http://www.aviationweek.com/aw/generic/story.jsp?id=news/CSER08259.xml&headline=CSeries Fuselage Ready For Testing&channel=comm

Banking and Finance Sector

11. August 25, Bloomberg - (National) Court orders Fed to disclose emergency bank loans. The Federal Reserve must for the first time identify the companies in its emergency lending programs after losing a Freedom of Information Act lawsuit. The Manhattan chief U.S. district judge ruled against the central bank on August 24, rejecting the argument that loan records are not covered by the law because their disclosure would harm borrowers' competitive positions. The Fed has refused to name the financial firms it lent to or disclose the amounts or the assets put up as collateral under 11 programs, most put in place during the deepest financial crisis since the Great Depression, saying that doing so might set off a run by depositors and unsettle shareholders. Bloomberg LP, the New York-based company majority-owned by the mayor of New York, sued on November 7, 2008 on behalf of its Bloomberg News unit. "The Federal Reserve has to be accountable for the decisions that it makes," said a U.S. Representative, who is a Florida Democrat on the House Financial Services Committee, after the judge's ruling. "It's one thing to say that the Federal Reserve is an independent institution. It's another thing to say that it can keep us all in the dark."
Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=a7CC61ZsieV4

12. August 25, Dow Jones Newswires - (New York) NY businessman charged with $74 million bank fraud against Citigroup. A New York man was charged with allegedly defrauding Citigroup Inc. out of $74 million in loans. The U.S. attorney in Manhattan and the Federal Bureau of Investigation say the defendant, with residences in Manhattan and Katonah, New York, fraudulently applied for the loans for Nemazee Capital Corp., of which he is chairman and chief executive. Federal prosecutors contend Nemazee obtained the money by giving the banking giant "numerous documents that purported to establish the existence of accounts in Nemazee's name at various financial institutions containing many hundreds of millions of dollars," the Justice Department said in a statement. "In fact, those were fraudulent and forged documents." According to an FBI report, the defendant first contacted Citigroup's Citibank in December 2006 to borrow $25 million, and later raised the sum to $80 million. The defendant paid back more than $74 million on August 24, after being questioned by federal agents on August 23 as he was checking in to board a flight from Newark International Airport in New Jersey to Rome.
Source: http://money.cnn.com/news/newsfeeds/articles/djf500/200908251258DOWJONESDJONLINE000315_FORTUNE5.htm

13. August 25, Computerworld - (National) Cybercrooks increasingly target small business accounts. An organization representing more than 15,000 financial institutions has issued a warning about a growing wave of attacks against small banks and businesses by cybercriminals using stolen banking credentials to plunder corporate accounts. In an alert to its members earlier this month, NACHA -- the Electronics Payments Association -- said that attackers are increasingly stealing online banking credentials, such as user names and passwords, from small businesses by using keystroke logging tools and other malware. The cybercriminals are using the stolen credentials to "raid" and "take over" corporate accounts and initiate the unauthorized transfer of funds over electronic payment networks. NACHA oversees the Automated Clearing House (ACH) electronic payments network. NACHA's alert said that the cybercrooks are apparently targeting small businesses because of their relative lack of strong authentication procedures, transaction controls and "red flag" reporting capabilities. In some cases, the alert said, attackers are tricking small business workers into visiting phishing sites with the same look and feel as their company's financial institution, where they would log on using their credentials.
Source: http://www.computerworld.com/s/article/9137112/Cybercrooks_increasingly_target_small_business_accounts

Transportation Sector

14. August 26, PC World - (International) Airline pilots want ban on lithium battery shipments. An airline pilot union is calling on the U.S. government to temporarily ban cargo shipments of lithium batteries, saying they represent a serious safety hazard. The Air Line Pilots Association (ALPA), which represents pilots in the U.S. and Canada, asked that the U.S. government prohibit shipments of lithium batteries on all cargo and passenger flights until measures are taken to ensure that such shipments are safe. The proposed ban on the batteries, which are widely used in electronic devices like phones and computers, would not prohibit passengers from carrying batteries on planes. During the last two months, there have been three incidents where fire or smoke on aircraft was caused by shipments of lithium batteries. On August 14, the crew of a plane that landed in Minneapolis received a warning of smoke in the plane's forward cargo compartment. When fire crews opened the compartment, they found flames coming from a container filled with electronic cigarettes, each containing a lithium-ion battery. In another incident in July, a container filled with lithium-ion batteries on a flight to Santo Domingo, Dominican Republic, was found smoking and smoldering. In the third incident, which took place in June, a burned package containing a lithium-ion bicycle motor was discovered when cargo handlers unloaded a plane in Honolulu. ALPA said all three incidents recall a 2006 incident where lithium batteries caused a fire on board a UPS plane that injured three crew members and damaged cargo.
Source: http://www.pcworld.com/article/170815/airline_pilots_want_ban_on_lithium_battery_shipments.html

15. August 26, Fairbanks Daily News-Miner - (Alaska) Fairbanks International Airport evacuated after gas smell reported. Airport personnel and travelers were evacuated about 9 p.m. Tuesday from the Fairbanks International Airport (FIA) terminal after an odor of gas was reported by several passengers waiting on the upper level. The evacuation lasted a maximum of 10 to 15 minutes, said a FIA public information officer. Airport Fire and Rescue and maintenance crews on duty searched the building for the source of the smell. Flight arrivals and departures were not affected by the evacuation.
Source: http://newsminer.com/news/2009/aug/26/fairbanks-international-airportevacuated-after-ga/

16. August 24, Grand Junction Sentinel - (Colorado) Three accused of tampering with train. Three transients tooted a locomotive's horn before being arrested in Glenwood Canyon, authorities say. An eastbound freight train was brought to an emergency stop in the canyon after the trio entered a rear locomotive and began playing with the brakes and horn, said a railroad spokesman. The three face felony and misdemeanor charges including endangering public transportation, trespassing, criminal tampering and conspiracy to commit a felony. The incident occurred on a Burlington Northern Santa Fe train on Union Pacific track at the Bair Ranch Rest Area near the east end of Glenwood Canyon in Colorado. The sheriff's department said the train's cargo included hazardous materials. An arrest affidavit said the conductor told investigators the transients' actions could have caused a derailment, but the sheriff's office disagreed. The conductor said the rear locomotive was being remotely controlled by the crew in the front locomotive. The transients did not have the ability to make the train move, but playing with the brakes caused the train to automatically brake and come to a stop, he said. The locomotive had to be decontaminated after urine and other substances were found in it.
Source: http://www.gjsentinel.com/news/content/news/stories/2009/08/24/082509_1a_transients_and_train.html

For more stories, see items 1, 52, and 54

Postal and Shipping Sector

Nothing to report

Agriculture and Food Sector

17. August 26, USAgNet - (Florida) Georgia food processor faces fine over safety breaches. The Occupational Safety and Health Administration has proposed fining Mar-Jac Poultry Inc. of Gainesville, Florida for failure to keep its hazard analysis records up to date, as well as citing dozens of serious health and safety breaches, reports Food Production Daily. The poultry processing company is facing almost $380,000 in fines for a series of 'willful and serious' health and safety violations committed over a five-year period. These were listed as a failure to update its hazard analysis at five-year intervals as required, not establishing specific maintenance procedures for its processing equipment, as well as not carrying out equipment and procedural changes for its ammonia refrigeration system in 2004, 2005 and 2008. The poultry processor was also censured for failure to perform required compliance audits for the years 2000, 2003 and 2007.
Source: http://www.wisconsinagconnection.com/story-national.php?Id=1766&yr=2009

18. August 25, Associated Press - (California) Deadly citrus pest migrates to Orange County. California state agriculture officials are imposing a quarantine in part of Orange County after a bug capable of damaging the state's citrus industry was trapped there. Officials say it's the Asian citrus psyllid's first migration out of the San Diego-Imperial counties quarantine zone. Five adult psyllids were trapped on a backyard lemon tree in Santa Ana. Tests are being conducted to determine whether they carried the huanglongbing disease, a bacteria that has caused billions of dollars of damage across Florida. Infected psyllids spread the tree-killing disease, called "citrus greening," when they feed on leaves. So far the only psyllid found infected with the bacteria was detected by a Fresno County sniff dog last month in a FedEx package shipped from India.
Source: http://www.mercurynews.com/breakingnews/ci_13199382?nclick_check=1

19. August 25, Reliable Plant Magazine - (Indiana) Clean-air violations will cost Vertellus $1.13 million. The U.S. Environmental Protection Agency (EPA) and the U.S. Department of Justice have reached an agreement with Vertellus Agriculture and Nutrition Specialties LLC on alleged clean-air violations at the company's agricultural and nutritional chemical plant in Indianapolis, Indiana. The agreement, which includes a $425,000 penalty and a $705,000 environmental project, resolves EPA allegations that Vertellus failed to comply with leak detection and repair requirements of the national emission standards for hazardous air pollutants. Vertellus has already taken steps to come back into compliance by installing a new incinerator to control hydrogen cyanide and benzene emissions and to implement a comprehensive set of leak detection and repair practices that go beyond regulatory requirements.
Source: http://www.reliableplant.com/article.aspx?articleid=19648&pagetitle=Cleanair+violations+will+cost+Vertellus+$1,13+million

Water Sector

20. August 25, Stafford County Sun - (Virginia) Lightning strike causes pump station overflow. The sewage pump stations at Austin Run and Potomac Hills overflowed on August 22 due to lightning strikes that disabled the flow transducers at both stations, according to a press release from Stafford County, Virginia. The transducers control the pumps that move the effluent from the wells to the Aquia treatment center. The Austin Run station overflowed approximately 2.5 million gallons into Austin Run and Aquia Creek. The Potomac Hills station overflowed approximately 55,000 gallons, also into Aquia Creek. The sewage from both stations has been washed downstream due to the rapid flow of water caused by the heavy thunderstorm on August 22. The overflow volumes are much higher than normal because the telemetry system for these two stations malfunctioned and did not trigger the station alarms, as they are designed to do during an overflow. The telemetry system monitors flows at the sewage pump stations. Because the alarms did not activate, Utilities plant operators were unaware of the overflows when they occurred. The overflows were not discovered until Utilities mechanics rebooted the telemetry system at 7 a.m. on August 24, after their routine inspection of the telemetry system. The stations have been repaired and are now operating normally. Staff is also working with the telemetry contractor to determine how to prevent the malfunction from recurring. In addition, staff has spread lime to disinfect the area of the spill. The overflows were reported to the Virginia Department of Environmental Quality (DEQ). The Health Department was also notified. Staff has notified the Aquia Harbour Homeowners Association because some homeowners have property that abuts Aquia Creek.
Source: http://www2.staffordcountysun.com/scs/news/local/article/lightning_strike_causes_pump_station_overflow/42074/

21. August 25, U.S. Environmental Protection Agency - (Connecticut) Industrial launderer will pay $525,000 for Clean Water Act violations. AmeriPride Service, Inc., an industrial launderer with a facility in Hartford, Connecticut, will pay a $525,000 penalty under the terms of a settlement for alleged violations of federal and state clean water laws and a government-issued permit. The settlement was announced jointly by a United States attorney and the Acting Regional Administrator for the U.S. Environmental Protection Agency's (EPA) New England Office. A civil Complaint and Consent Decree were simultaneously filed on August 24 in U.S. District Court in New Haven. According to the EPA Complaint, AmeriPride violated a federal environmental law by discharging low pH wastewater to the sewer system that flows into the Metropolitan District Commission's Hartford wastewater treatment facility. The complaint also alleges that AmeriPride violated a discharge permit issued by the State of Connecticut that set industrial discharge limits for a number of pollutants. From July of 2001 through March of 2008, AmeriPride's wastewater discharge repeatedly violated the "National Pretreatment Standard" prohibiting the discharge of wastewaters with a pH lower than 5.0 Standard Units in violation of the Clean Water Act. AmeriPride's wastewater discharges also frequently violated industrial discharge limitations for pH, oil and grease, and total zinc, total lead and total copper imposed in a May 31, 2001 industrial discharge permit that the State of Connecticut issued to AmeriPride. Despite years of numerous violations, AmeriPride did not fully resolve its wastewater violations until March of 2008 when AmeriPride completed the installation of a new industrial wastewater treatment system.
Source: http://yosemite.epa.gov/opa/admpress.nsf/0/3E1A04B6AC5398588525761D006A67E8

22. August 25, Milford Daily News - (Connecticut) Milford asks state to review water problems. Selectmen are calling in a state agency to listen to residents' concerns about the Milford Water Co. and take action, following the Connecticut town's two-week drinking water crisis. The board voted the night of August 24 to petition the Department of Public Utilities (DPU) to hold public hearings and put the private utility under a microscope. The state would look at overall quality of service, infrastructure and other aspects of the business, then issue directives, including on potential rate hikes. A town-wide boil order, issued due to bacterial contamination of the drinking supply, was fully lifted on August 21. Reports on the crisis are expected from the town, Milford Water Co. and state Department of Environmental Protection (which comes under DPU's umbrella). Selectmen saw merit in getting the agency involved. The Milford Water Co. vice president said management certainly wants to learn from the company's first and only crisis like this, and make sure the water is never dirty again. An investigation continues, but officials believe the source of the E. coli and coliform bacteria was the Congress Street water storage tank. An inspection revealed holes in its Fiberglas roof and issues with the caulking on the edges. The free bottled water distribution at the high school was a fiasco, between the traffic tie-ups, need for police details and belief that some people abused the system. It ran for eight straight days and ran up a bill of more than $200,000 for the company.
Source: http://www.milforddailynews.com/news/x1476163597/Milford-asks-state-toreview-water-problems

23. August 25, Associated Press - (New Jersey) Spill at sewage plant could close Sandy Hook beach. A chlorine spill at a sewage treatment plant on the New Jersey shore could temporarily close part of the beach at Sandy Hook. The spill occurred on August 25 in a plant operated by the National Parks Service that serves the entire peninsula. A Parks Service spokesman says about 20 gallons of chlorine spilled and created a cloud of gas. Employees were evacuated and no injuries were reported. Beachgoers at Gunnison Beach were evacuated, and he said if the treatment plant is not back online by August 26 the beach may have to be closed.
Source: http://www.philly.com/philly/wires/ap/news/state/new_jersey/20090825_ap_spillatsewageplantcouldclosesandyhookbeach.html

24. August 25, EE Times - (Massachusetts; National) MIT's robotic fish target monitoring tasks. Robotic fish could swim in schools of hundreds to perform surveys, environmental monitoring, reconnaissance and other underwater tasks, according to Massachusetts Institute of Technology (MIT) researchers who recently displayed prototypes. Measuring just a few inches long, the robotic fish combine flexible polymers with microprocessor controllers to swim, observe and return to report their findings. "If you use traditional materials like pulleys, cables and gears, you end up with a very complex and expensive mechanism that has a high probability of failing," said an MIT researcher. "We wanted to make robotic fish that were cheap, robust and resilient in the real world, so we enclosed everything in a flexible monolithic body with no parts that can break loose." The polymer compounds used to make the fish were of variable stiffness in different sections to perform the functions of discrete components. MIT's original design back in 1994 had over 2,000 components, including six motors. Other researchers have continued to design similar robo-fish using traditional materials, but the MIT researchers took a cue from the design of modern prosthetic limbs to make their robo-fish cheaper and more reliable by virtue of reducing the number of moving parts to just 10, including a single motor. Some prototypes have survived in the lab for four years of constant underwater tests without a leak. Since radio communications underwater are limited, even with powerful transceivers, the MIT engineers proposed to instead release the robo-fish in schools of hundreds, depending on them swimming back home to report any findings. The schools would perform such missions as sensing each other with visual cues and precision pressure sensors that allow the robo-fish to "run" together.
Source: http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=219401431

25. August 24, Toledo Blade - (Ohio) Thousands of fish killed in Swan Creek. Dead fish lined the banks of a popular fishing spot along Swan Creek on August 23 as the Ohio Department of Natural Resources (ODNR) investigated a large fish kill numbering in the tens of thousands in a roughly two-mile area near Highland Park. The cause of the deaths was unclear. Oxygen depletion in the water caused the fish to drown, but what caused the oxygen level to fall was unknown. The acidity balance and water clarity were good, and the creek appears to be an otherwise healthy ecosystem with large-sized bass and pike found among the dead fish. Several ODNR officers waded in the water counting the fish, and Toledo Environmental Services tested the water to help identify the source of the problem.
Source: http://www.toledoblade.com/apps/pbcs.dll/article?AID=/20090824/NEWS16/908240333

For another story, see item 1

Public Health and Healthcare Sector

26. August 25, Palm Beach Post - (Florida) Angry patient makes bomb threat on suburban Delray Beach doctor's office. The Palm Beach County Sheriff's Office cleared a doctor's office this morning after a patient threatened to blow up the Delray Beach facility because it was closed on Monday. The bomb threat prompted authorities to evacuate about 40 people from the building about 10:30 a.m. A K-9 unit was brought to Primary Care Associates located on Atlantic Avenue just west of Military Trail to search for any explosives. Authorities said a male patient, apparently upset that the doctor's office was closed on Monday, left the threat with an answering service. Source: http://www.palmbeachpost.com/news/content/local_news/epaper/2009/08/25/0825bombthreat.html

27. August 25, U.S. Food and Drug Administration - (International) FDA authorizes emergency use of H1N1 test for U.S. troops serving overseas. The U.S. Food and Drug Administration Tuesday announced it has issued an Emergency Use Authorization (EUA) that allows a 2009 H1N1 influenza virus test to be used to detect the virus in troops serving overseas. The EUA allows the U.S. Department of Defense to distribute the H1N1 test to its qualified laboratories that have the required equipment and trained personnel to perform the test and interpret its results. An EUA authorizes the use of unapproved medical products or unapproved uses of approved medical products during a declared public health emergency. The U.S. Centers for Disease Control and Prevention (CDC) developed the test, which is called the CDC swH1N1 (swine) Influenza Real-Time RT-PCR. Source: http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm180153.htm

28. August 25, Associated Press - (National) Veterans wrongly told they have fatal disease. Letters were sent to 1,864 veterans about disability benefits for those with ALS, also known as Lou Gehrig's disease, and a "small number" have contacted the VA indicating they received the letters in error, a VA spokeswoman said Monday night. However, the National Gulf War Resource Center said Reid was among at least 1,200 veterans who received the letter, even though they had not been diagnosed with the illness. Veterans were initially suspicious, but still went through the pain of not knowing whether they had the degenerative disease, which typically kills people within five years. The Resource Center said at least 2,500 letters informing veterans of disability benefits for ALS sufferers were sent, with almost half sent in error. A VA spokeswoman said the number sent was not that high and that fewer than 10 people had called to say they had gotten an ALS benefits letter but didn't have the disease. Source: http://www.foxnews.com/story/0,2933,542086,00.html?test=latestnews

29. August 24, Associated Press - (Maryland) Md. hospitals to share data, track diseases. Maryland's governor plans to announce the launch of a computer system that will allow all hospitals in Maryland to share data on admittances, diagnoses and treatments. The system will allow hospitals to quickly track the spread of diseases including swine flu. A spokesman for the governor says Maryland is the first state in the country to have 100 percent of its hospitals participating in such a program. The governor will talk about the system at a news conference in Laurel next Monday afternoon. He also intends to discuss Maryland's efforts to slow the spread of swine flu. State health officials are planning to offer the swine flu vaccine to every Marylander who wants it, but the plan depends on the widespread availability of the vaccine. Source: http://www.washingtonpost.com/wpdyn/content/article/2009/08/24/AR2009082401329.html?hpid=topnews

Government Facilities Sector

30. August 26, WLWT 5 Cincinnati - (Ohio) Scene cleared after bomb threat at Job Corps. A bomb scare ended Wednesday morning with no explosives found. Police said a threat was found scribbled on a bathroom wall inside the Cincinnati Job Corps building at 1409 Western Ave. The building was temporarily evacuated while bomb-sniffing dogs were called in to look for explosives. The Job Corps' director told News 5 that nothing was found. People were being allowed back into the building. The Cincinnati Job Corps offers free education and training to young people to help them find and keep a job, as part of the U.S. Department of Labor. Source: http://www.wlwt.com/news/20562345/detail.html

31. August 25, Nextgov - (National) DHS official: Agencies must make high-risk cyber threats top priority. Federal agencies should prioritize their information security requirements to ensure mission-critical operations are protected first, and delineate between "that which is aggravating and that which is truly dangerous," the Homeland Security Department's cyber chief said during a conference on Tuesday. Cyberattacks are growing far more sophisticated, in part because they are more difficult to detect, said the assistant secretary of DHS' Office of Cybersecurity and Communications. He and the chief executive officer of security vendor McAfee spoke Tuesday at the GFirst conference in Atlanta hosted by the U.S. Computer Emergency Readiness Team. "The more sophisticated attacks ... are low and slow, designed to not draw attention, but insidiously get at data and resources," the assistant secretary of DHS' Office of Cybersecurity and Communications said. "Yet at the same time, the level of noise from less sophisticated attacks continues to grow. This makes for an environment where it is easy to focus on the wrong pieces of the puzzle while bad things happen under the radar." The challenge for agencies is determining where to focus their limited resources in such a hostile environment, he said in an interview with Nextgov.com after his speech. "We have to put an appropriate level of resources to those issues" that are less critical, he said, such as a denial-of-service attack that temporarily blocks access to an agency's network or Web defacement that alters online content. "At the same time, we need to recognize that those are not the really dangerous attacks. It's a resource [allocation] issue; when you have so much attention focused on these areas that are not as critical, the less noisy attacks can" go unnoticed. Only agencies can prioritize information security efforts based upon their individual missions, he said. "[DHS] can help set some requirements and assist in moving the ball forward, but the agencies themselves have to understand their risk profiles and execute against their mission," he said. Source: http://www.nextgov.com/nextgov/ng_20090825_7424.php

32. August 25, WDTV 5 Bridgeport - (West Virginia) Chemical spill evacuates part of WVU building. A chemical spill sent one person to the hospital and evacuated part of a West Virginia University (WVU) building. WVU issued an emergency alert Monday at about 8:00 PM. Crews evacuated the 2nd floor of the Health Sciences Center and about an hour later confirmed it was safe to go back inside. Morgantown fire officials say a graduate student was splashed with phenol after a "small spill" in a lab. A school spokeswoman said the student suffered only minor burns to her leg. Source: http://www.wdtv.com/news/local/54759642.html

Emergency Services Sector

33. August 26, Belleville News-Democrat - (Illinois) Veteran police officer's gun is stolen from patrol car. East St. Louis police are investigating a report from one of their veteran officers that his duty weapon was stolen. The officer in question made the report August 11. The gun was apparently stolen after the officer left it in his patrol car after finishing a shift. Source: http://www.bnd.com/179/story/896559.html?storylink=omni_popular

34. August 25, WTAE 4 Pittsburgh - (Pennsylvania) Fake murder/hostage call triggers huge police response. A man is wanted for allegedly calling in a false report that gunmen had taken over a church camp, causing state police troopers from Greensburg, Somerset, Uniontown and New Stanton to quickly respond, along with a helicopter from Altoona. Police at the Uniontown barracks said the 47-year-old man's call on August 15 cost more than $3,200 in wasted manpower as state troopers scrambled toward what they believed to be a chaotic, dangerous scene. "The resources that we had brought to the situation -- if something else major would have happened in the county, we would have been slow to respond, so you're risking a catastrophe someplace else in the county," a trooper said. "We still had manpower to respond but not as much as we wanted." Source: http://www.thepittsburghchannel.com/cnn-news/20551947/detail.html

35. August 24, Associated Press - (Iowa) Flood-damaged Iowa center to be demolished. Demolition is expected to start soon on the flood-damaged Benton County Law Enforcement Center in Vinton. A Cedar Rapids company, Design Dynamics, has given county supervisors a timeline for razing the building, which was swamped during last summer's floods. Supervisors have already approved design drawings for a new center, which will include a 32-bed jail, a 911 dispatch center and offices for the sheriff, deputies and investigators. Source: http://wcco.com/wireapnewsia/Demolition.soon.for.2.1141547.html

Information Technology Sector

36. August 26, Network World - (International) Trojan attacks up, phishing attacks down this year, IBM finds. Spam-based phishing attacks declined noticeably during the first half of the year, but cyber-criminals may simply be shifting to other technologies found to be more effective in stealing personal data, according to IBM in its semi-annual security threat report. "The decline in phishing and increases in other areas (such as banking Trojans) indicate the attackers may be moving their resources to other methods to obtain the gains that phishing once achieved," is the explanation offered in the "IBM Internet Security Systems 2009 Mid-Year Trend & Risk Report." It says Russia is the top country of origin for phishing e-mails, with 7.2 percent share, while China is the top hosting country for spam URLs. IBM's semi-annual security report presents a broad view of trends based on its own analysis of volumes of sensor data, Web crawling technologies and other resources used to gather information through its Internet Security Systems division. In the first half of 2009, 55 percent of the new malware seen was Trojans, an increase of 9 percent over last year, the report says. Trojan malware, which includes components called downloaders and info-stealers, is mainly being used in the form of "public-available toolkits" that are "easy to use" by criminals, the report points out. The number of malicious Web links used to trick users into downloading malware or visiting dangerous sites has increased, up 508 percent in the first half of 2009 in comparison to the number discovered in the first half of 2008, says the report. The U.S. is the top country where such malicious Web links can be found, accounting for 36 percent of known malicious links, with China holding the second spot. Source: http://www.networkworld.com/news/2009/082609-ibm-malware-trojans.html

37. August 26, Daily Tech - (International) Apple reportedly using malware detection in Snow Leopard. Not wanting to be made the target of new PC ads mocking its lack of antivirus support, Apple reportedly is packaging its new OS X 10.6 "Snow Leopard", set to air on August 28, with free antivirus software. Security research firm Intego, which maintains a Mac security blog that monitors various OS X-specific malware, first noticed and reported the development. The firm was running the new version of OS X, when they noticed it detected and removed malware. The process was carried out via a popup window, which they took a screenshot of, but they were either unable to determine or chose not to announce who made the antivirus software. Intego's post indicated that they were not making the product. ClamAV -- currently the AV engine in Apple's server operating system -- also seems unlikely as the virus detected had the signature "OSX.RSPlug.A", a signature that ClamAV currently doesn't support (ClamAV does have a signature for "OSX.RSPlug" [1]). Similarly, McAfee and Sophos use the names OSX/Puper.a [2] and OSX/RSPlug-A [3], respectively. That leaves Symantec as one possibility. Another is that Apple has developed its own proprietary antivirus software, which would not be surprising.
Source: http://www.dailytech.com/Apple+Reportedly+Using+Malware+Detection+in+Snow+Leopard/article16083.htm

38. August 26, The Register - (International) MS phishing filter blacklists everything. A wide range of uk.com websites were misclassified as malign by anti-phishing technology built into the latest versions of Microsoft's browser software on August 26. Microsoft's SmartScreen Filter, which is built into IE7 and IE8, labelled every uk.com top level domain site as a phishing site following what appears to be a dodgy rule change applied overnight. Many of the sites have been unblocked, but many others remain labelled as potentially dangerous to surfers visiting the site running Microsoft's consumer protection technology. The issue created a headache for UK ISPs, with hosting customers calling up wondering what the heck was going on. An ISP source who was the first to tell The Register about the problem said that its phones are "red hot" from calls about the issue. Microsoft responded to The Register's queries promptly by saying it was investigating the issue. CentralNic, registrar for uk.com domains, published a statement saying Microsoft has promised to resolve the problem within two hours, by 1330 BST. "We have been made aware that the Microsoft SmartScreen filter included with Internet Explorer 8 is erroneously marking some domain names as being unsafe," it said. "The most likely explanation is that a genuinely unsafe website under one of our suffixes was reported to Microsoft, but they incorrectly added all the domains under that suffix to their list of unsafe websites." Source: http://www.theregister.co.uk/2009/08/26/ms_phishing_filter/

39. August 25, CNET News - (International) Google patches severe Chrome vulnerabilities. Google has fixed two high-severity vulnerabilities in the stable version of its Chrome browser that could have let an attacker remotely take over a person's computer. With one attack on Google's V8 JavaScript engine, malicious JavaScript on a Web site could let an attacker gain access to sensitive data or run arbitrary code on the computer within a Chrome protected area called the sandbox, Google said in a blog post Tuesday. With the other, a page with XML-encoded information could cause a browser tab crash that could let an attacker run arbitrary code within the sandbox. Chrome 2.0.172.43 fixes the issues and another medium-severity issue. Once Chrome is installed, it retrieves updates automatically and applies them when people restart the browser. Google won't release details of the vulnerabilities until "a majority of users are up to date with the fix," an engineering program manager said in the blog post. Source: http://news.cnet.com/8301-30685_3-10317320-264.html

40. August 25, Softpedia - (International) Over 62,000 new URLs serving exploit cocktail. Security researchers advise that a new mass compromise attack is underway and has affected over 62,000 URLs to date. A rogue IFrame injected into the compromised Web pages loads a cocktail of exploits and malware from other domains. Web security company ScanSafe has been monitoring this new threat and advises that the infection pattern is a hidden IFrame loading JavaScript content from a domain called a0v.org. A Google search for "script src= reveals 62,100 results. A senior security researcher at ScanSafe has told The Register that the infections are the result of SQL injection attacks.
The x.js called from a0v.org has the role of loading exploits from seven other domain names. At the moment of writing this article, Google's Safe Browsing was tagging a0v.org as malicious. "The malware hosting domains were registered on or after August 3, 2009 and include: ahthja.info, gaehh.info, htsrh.info, car741.info, game163.info, car963.info, and game158.info. The most prolific observed by ScanSafe thus far has been ahthja.info," the researcher writes on the company's blog. If exploitation is successful, several malware installers are dropped and executed onto the victim's computer as drive-by downloads. The security researcher warns that "post infection, additional malware may also be downloaded" from a different host. The exploits target vulnerabilities in popular software, including Internet Explorer, Mozilla Firefox, Adobe Flash Player, Adobe Reader and Acrobat or avast! Antivirus. AV detection rates for the malicious executables downloaded during the attack range from poor to moderate on Virustotal. Source: http://news.softpedia.com/news/Over-62-000-New-URLs-Serving-ExploitsCocktail-120006.shtml

41. August 25, Softpedia - (International) New Chinese social networking worm discovered. Security researchers warn that a new worm has been spotted on Chinese social networking website Renren.com. The worm masquerades as a Flash music video of Pink Floyd's Wish You Were Here and spreads by exploiting a cross-site scripting hole. The message has the title "Pink Floyd - Wish You Were Here" and it contains a maliciously crafted Flash component loaded with the AllowScriptAccess="always" parameter. According to Adobe, "When AllowScriptAccess is 'always', the SWF file can communicate with the HTML page in which it is embedded even when the SWF file is from a different domain than the HTML page." The Flash file is used to execute the JavaScript code present in the message body and load a script called evil.js from an external domain. As researchers indicate, the JavaScript code is used to exploit a cross-site scripting (XSS) flaw present in the website and spread the worm through its API. Social networking worms have been increasing in number for the past few years, suggesting that these new platforms are good hunting grounds for cybercrooks. Boris Lau, a virus researcher at antivirus vendor Sophos, which detects this new threat as W32/Pinkren-A, points out that "this is the same technique used back in 2007 by the Okurt worm." Renren is a Facebook-like website very successful in China. Such local threats are important to Westerners as well, because Chinese computers compromised by worms like these will join to form large botnets. These armies of zombie computers will then be used to send spam and perform distributed denial of service attacks globally. Source: http://news.softpedia.com/news/New-Chinese-Social-Networking-WormDiscovered-120021.shtml

42. August 24, The Register - (International) Scammers step up attacks on Warcraft players. A researcher from anti-virus firm Webroot has written how official forums offered by WoW creator Blizzard are being used to spread links that lead to malware that steals passwords and other game credentials. The scam employs the common technique of telling visitors that their Adobe Flash player needs to be updated and then offering a malicious trojan instead of the real installation file.
Elsewhere, phishers are churning out emails that purport to be official communications from Blizzard, according to researchers from security provider Sophos. The emails claim the game maker is launching a new service and invite recipients to click on a link for a free sneak peek. The resulting website, in turn, phishes user credentials. The attack outbreaks come a few weeks after Blizzard issued an update for Warcraft III that fixed a gaping hole that could lead to the complete hijacking of machines running the real-time strategy game. According to a Webroot researcher, it was exploited simply by getting vulnerable victims to join a custom game hosted with booby-trapped maps. Attackers targeted the vulnerability in a game called DotA, or Defense of the Ancients, by creating fake maps that used the same file configurations as legitimate custom maps. "What makes this exploit particularly nasty is the fact that your PC gets infected the moment you join a game where the infected DotA map is in use," the researcher wrote. "Once downloaded, the game automatically unpacks the infected map and executes the malicious code." Source: http://www.theregister.co.uk/2009/08/24/world_of_warcraft_attacks/

Internet Alert Dashboard

To report cyber infrastructure incidents or to request information, please contact US-CERT at [email protected] or visit their Website: http://www.us-cert.gov. Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Website: https://www.it-isac.org/.

Communications Sector

43. August 26, Information Week - (International) Dell launches 10 gigabit ethernet in storage array. Dell on August 25 introduced an upgrade of its Dell/EMC CX4 storage arrays that includes a 10 Gigabit Ethernet, which the vendor says addresses the input/output needs for the growing compute density of virtualized environments within data centers. The latest version of the CX4 arrays contains an UltraFlex Modular I/O that enables customers to add ports supporting 8 Gb and 4 Gb Fibre Channel and 1 Gb and 10 Gb iSCSI. The latter enables companies to consolidate "stranded servers" onto an existing storage-area network, support more virtual servers and aggregate multiple 1 Gb iSCSI connections to fewer 10 Gb ones, Dell said. "Ethernet is increasingly being chosen as the networking technology for storage as customers look to consolidate and virtualize their data centers," the vice president of enterprise storage and networking at Dell said in a statement. "With a 10 gigabit option and its inherent advantages in virtualized environments, Ethernet's case gets even stronger as the most simple and capable networking fabric." In addition, Dell has added virtualization-aware Navisphere management software that provides automatic discovery of virtual machines and VMware ESX servers, virtual-to-physical machine mapping and advanced search for VMs. Finally, the array upgrade includes drive spin-down as a standard feature to help reduce power and cooling requirements. The feature enables users to set policies for drives to power down when not in use. Source: http://www.informationweek.com/news/storage/virtualization/showArticle.jhtml?articleID=219401489

44. August 26, Wired News - (International) Cutbacks could be causing IT outages. When eBay's PayPal unit suffered a worldwide outage early this month, Sailrite Enterprises Inc., a sailing supply company based in Churubusco, Ind., lost its critical customer payment services for six hours. The next day, August 4, PayPal's services failed Sailrite again, this time for about an hour, according to a vice president at Sailrite. He posted a blunt message on PayPal's blog site: "This is not acceptable." In an e-mail, San Jose-based PayPal blamed the outage on a problem with a "back-end router" that was complicated by a failure in the company's redundancy measures. The PayPal electronic payment system is one of many Internet-based services that have been hit with outages. And based on news reports, the number of such incidents appears to have been increasing in recent months, analysts said. They cited shutdowns of the Google Apps software hosted by Google, outages at data centers run by Rackspace Hosting Inc. and a distributed denial-of-service attack on Twitter. Observers pointed to several possible reasons for the apparent uptick in online outages, including IT budget and personnel cutbacks, increasing corporate dependence on hosted applications, and bad luck. The chief security strategist at Citrix Systems in Fort Lauderdale, Florida, said he wonders whether a two-hour shutdown of Cisco Systems's Web site this month "would [have] happened a few years ago ... when they had multiple people checking every single change." Cisco blamed the outage on human error. IT staff cuts spurred by the economy are likely to continue throughout the remainder of the year. According to a survey of 300 IT center managers last year by the Association for Computer Operations Management, half of all data centers were planning to cut 2009 budgets by an average of 15%. Respondents at 14% of those companies said the cuts would include layoffs of IT staffers. An executive director of Uptime Institute Inc., a data center engineering and consulting firm, said such budget and personnel cutbacks can prove disastrous to IT. "We're not doing the maintenance we should be doing, and when you don't do maintenance, you increase the probability of catastrophic failure," he said. The executive added that energy-efficiency efforts may be prompting data centers to cut back on redundant equipment and run their systems harder, exposing equipment flaws. Source: http://www.wired.com/epicenter/2009/08/cutbacks-could-be-causing-itoutages/

45. August 25, SCMagazine - (International) Wireless flaw could let hackers breach wired network. Researchers at a security firm on August 25 disclosed a vulnerability within the Cisco wireless framework that could offer intruders a gaping entryway into an organization's network.
The AirMagnet Intrusion Research Team said it discovered an exploit, known as "skyjacking," which could enable someone, either on purpose or by accident, to take control of a wireless access point (AP) and point it to an outside Cisco controller. "Access points do not normally get connected to the wrong controller," AirMagnet's director of product management told SCMagazineUS.com on August 24. "If [one does], you have a big problem. We've uncovered a way where, by accident or design, an access point could get connected to the wrong controller or a controller that's not in its network." By doing that, attackers could assume control of a legitimate access point, which not only gives them visibility into relayed data but also could open the gates into an organization's wired network. "You've taken an approved AP and turned it rogue," the director said. "At this point, you've got the keys to the castle. You have an authorized wireless connection into a wired network. Not only would you be able to see everything that access point does but, more importantly, you'll have accessed your way into the wired part of that network ... So you've got a full breach." Researchers at AirMagnet, which has been acquired by Fluke Networks, also detected another problem in the Cisco network. Leveraging Cisco's Over-the-Air Provisioning feature, engineers found that data belonging to wireless controllers, such as IP and media access control (MAC) addresses, is inadvertently broadcast unencrypted. With that information, attackers can target these devices, which support large numbers of access points, with attacks such as denial-of-service attempts, the AirMagnet director said. In addition, intruders can use the data to learn more about a company's network topology. Source: http://www.scmagazineus.com/wireless-flaw-could-let-hackers-breach-wirednetwork/article/147241/

46. August 25, Datamation - (International) 85 cloud computing vendors shaping the emerging cloud. The era of cloud computing is dawning amid great fanfare, supported by mountains of cash and reams of hype. Whether this change is positive is debatable, and very real concerns plague cloud computing, but the tech industry has decided: the cloud is king. Just as the hulking mainframes of the 1960s were replaced by client-server systems in the 1980s, the in-house datacenter is now shifting toward an externally-based model. Vendors of every size are maneuvering, targeting this new market. The U.S. government just unveiled plans to start offering cloud computing services to federal agencies. Currently, many vendors are slapping the term 'cloud' on their product. Cloud computing allows for access of software over the Web, instead of on a hard drive. Software might sit on a server in New York or New Delhi or New Haven, Connecticut. Or maybe that app combines services from apps that reside in New York and New Delhi, with an add-on from a New Haven provider. Microsoft, with its Azure cloud initiative, is quietly investing massively in leviathan datacenters across the country to host its cloud offering. IBM's cloud push benefits greatly from the company's global stance and deep focus on services. Google's cloud strategy is supremely well positioned, with a well-tuned international server network and its Web-based Chrome OS. Some industry wags deride Amazon as the utility cloud provider whose offering isn't differentiated enough, yet it keeps growing. Source: http://itmanagement.earthweb.com/entdev/article.php/3835941/85-CloudComputing-Vendors-Shaping-the-Emerging-Cloud.htm

Commercial Facilities Sector

47. August 25, Lufkin Daily News - (Texas) Investigator: Motel fire set by meth cooks. Two Angelina County men suspected of setting fire to American Motel earlier this year were reportedly cooking methamphetamine, according to an Angelina County Sheriff's investigator. The early morning fire at the L-shaped motel off U.S. 59 North nearly destroyed the place on January 13, gutting 16 rooms and sending a Redland volunteer firefighter to the hospital where he stayed for three days. The fire occurred after one man checked into the motel at 3 a.m., according to a state fire marshal's report. Another man joined him from a vehicle parked outside and they both went into room 28, the report stated. Fifteen minutes later the hotel room was fully engulfed in flames. The motel owner told investigators her husband was able to get all guests out of their rooms before they dialed 911. The fire was of an incendiary nature, meaning it was deliberately set, the report stated. Investigators also found bottles of lighter fluid at the scene, according to the American Motel owner. Source: http://www.lufkindailynews.com/news/content/news/stories/2009/08/26/motel_fire.html

48. August 25, Gloucester County Times - (New Jersey) Fumes from faulty battery force office evacuation. Strong sulphur-like fumes emanating from a faulty computer battery forced the evacuation of an office building in the American Metro Center complex in Hamilton on Monday, according to officials. Four office workers were treated at the scene for respiratory irritation, and one firefighter was transported to Robert Wood Johnson University Hospital Hamilton for a minor ailment, officials said. A Mercerville fire deputy chief said the problem began when a battery unit in Office Building 300 malfunctioned around 7 a.m. on Monday. The battery began giving off a rotten egg-like smell that became strong enough to result in workers calling fire officials around 11 a.m. Firefighters evacuated the building, removed the battery, and began a lengthy ventilation process that took close to four hours due to the building's large size, officials said. Workers, who congregated outside the building for a while as firefighters worked, were eventually dismissed for the day. Source: http://www.nj.com/news/times/regional/index.ssf?/base/news17/1251179130251190.xml&coll=5

49. August 24, Jersey Journal - (New Jersey) Suspicious package detonated in front of Stanley Theater in Journal Square. A portion of Journal Square in Jersey City was closed this morning while police investigated a suspicious package in front of the Stanley Theater at the corner of Pavonia Avenue and Kennedy Boulevard. It is believed that police detonated the package at about 10:45 a.m. One witness said the package was a briefcase. Police responded to the briefcase at about 9:30 a.m. Kennedy Boulevard, where it splits with Bergen Avenue, was closed all the way up to Cottage Street, and side streets and sidewalks were closed. All the roads have been reopened. There were two firetrucks, numerous police vehicles and a Jersey City Medical Center EMS vehicle on the scene. Source: http://www.nj.com/news/index.ssf/2009/08/suspicious_package_detonated_i.html

National Monuments and Icons Sector

50. August 25, United Press International - (California) Wildfire burns in Angeles National Forest. Campgrounds in a national forest near Los Angeles were evacuated Tuesday after a quick-moving wildfire broke out in late afternoon, authorities said. The fire on San Gabriel Canyon Road in Angeles National Forest spread to 50 acres within a few hours. At least one vehicle was burned by the flames. The force included six air tankers, a helitanker and four helicopters supplied by the Forest Service and two helicopters from the county fire department.
Source: http://www.timesoftheinternet.com/104553.html

51. August 25, WWL 4 New Orleans - (New Orleans) Plaquemines wants to put Fort Jackson back on the map. About 30 miles upriver from the mouth of the Mississippi River - behind numerous chains and padlocks - sits a fort that's been part of the landscape here for nearly two centuries. "We, as Plaquemines Parish people, are constantly trying to save the history, but it's really hard. Because of hurricanes, we keep losing our history," said a man with the Plaquemines Historic Association. The repair costs are immense - more than $20 million for Fort Jackson alone - money the parish does not have. For safety reasons, the fort remains closed. However, two bills are now working their way through Congress, which could put this and another nearby fort, Saint Phillip, into the National Park System. Parish officials said they would welcome the federal designation for the forts, which could not only pay for their restoration and upkeep, but also help put them on the map - literally. It's a potential historical attraction, which could provide added economic revenue to the parish. The legislation could pass by the end of this year and the study could be finished before the end of next year. In the meantime, the parish is making some emergency repairs to Fort Jackson, so that the Plaquemines Orange Festival can return to the site in 2010.
Source: http://www.wwltv.com/topstories/stories/wwl082509cbjackson.117404b4e.html

For another story, see item 23

[Return to top]

Dams Sector

52. August 26, Dayton Daily News - (National) Stronger barrier to keep Asian Carp out of Great Lakes now on. The U.S. Army Corps of Engineers and U.S. Coast Guard have turned up the heat on Asian carp that threaten the Great Lakes. After years of debate and concern, the permanent electronic barrier near Chicago has been turned on, operating at two volts per inch. It has the capacity to operate at four volts per inch, but there is concern for the safety of boating traffic if the barrier is set at that level. A temporary barrier has been in operation, but only operating at one volt. But there is another problem. Apparently the new barrier has to be shut down for a couple of hours for maintenance every six months. That would leave the one-volt barrier as the only defense and it probably would not stop juvenile carp from invading. There is talk about using fish poison in the water between the barriers. A third barrier is in the design stage and is not supposed to be operational until 2011. The Coast Guard has recently completed safety testing for vessels using the Chicago Shipping Channel where the barriers are located. "These carp are clawing at the door now," a Great Lakes Fishery Commission spokesman told the Detroit Free Press. "They have the potential to be every bit as devastating as the worst invasives we have seen -- sea lamprey and zebra mussels."
Source: http://www.daytondailynews.com/ohio-recreation/fishing/stronger-barrier-tokeep-asian-carp-out-of-great-lakes-now-on-266285.html

53. August 25, Kennewick Tri-City Herald - (Washington) Canal seepage forces KID water shutoff. Approximately 2,900 customers of the Kennewick Irrigation District (KID) in Washington will be without water this week while emergency repairs are done to the Badger East Canal. About 2,000 feet of the canal in the Country Ridge area between Keene Road and Brantingham Road in south Richland have to be coated with a spray-on concrete mix to stop seeping water that has damaged several residential yards and at least one home's basement. The canal is dirt- and rock-lined, with a clay base put in last winter that helps to minimize, but not stop, seeping, said a KID spokeswoman. But the seepage has steadily increased over the past month, causing several neighbors to complain. A Richland rheumatologist said his wife reported the problem to KID several weeks ago after noticing water was collecting in a window well for their basement. And his next-door neighbor said they also had water pooling in their backyard near the patio and back door. After monitoring the situation for the past month and receiving numerous complaints, KID's engineers decided August 26 to install temporary seepage water diversions on two Country Ridge residents' properties. The seepage began this summer after about seven miles of the Badger East Canal was refurbished by deepening and packing its sides and bottom with clay and dirt. The project involved removing a 20-year-old plastic lining that was determined to be near the end of its useful life, the spokesman said. "Earthen canals are designed to seep, but the Badger East Canal is in no danger of failure." KID will let the drained canal dry out on August 25 and begin applying the concrete on August 26. The Badger East Canal should be flowing with water again on August 28 to all affected customers.
Source: http://www.thenewstribune.com/news/northwest/story/855932.html

54. August 25, Newson6 Tulsa - (Oklahoma) Locks and Dams repaired near Port of Catoosa. The two locks and dams closest to the Port of Catoosa in Oklahoma are closed for maintenance. The work will delay shipping on a portion of the McClellan-Kerr Arkansas River Navigation System for at least 10 days, but it could prevent problems over the next decade. For the first time in 20 years, the lock and dam is almost dry. The U.S. Army Corps of Engineers scheduled this rare dewatering for heavy maintenance. "We have to close off both ends and pump the middle out, is the simplest way to explain it, so it's safe for everybody to work down inside the chamber and equipment and work on it as long as we need to repair the damage," said the project manager. On the downstream side, workers dig out dirt from the miter gates that hold back the water. Other workers replace anti-corrosion blocks in spots normally 15 feet under water. On the upstream side, the wear and tear of 20 years of service really shows. Wooden bumpers are worn away; the gates are bent because logs get trapped as they close. The workers will cut off and replace those massive parts. The water is so murky, divers work by feel alone, communicating with spotters watching the leaks. Other workers use hoses to spray out mud trapped in the gates. Every inch of the 600 foot long lock will be inspected and repaired. The work is crammed into 14 days so as not to interrupt shipping any more than necessary. By the end of the job, the seven feet of mud in the bottom will be bulldozed out and the lock should be ready for traffic for at least another 12 years. The next lock downstream, at Choteau, is undergoing the same kind of maintenance. The projects together are costing $1.5 million. It is only the second time the locks have been serviced since they opened in 1971.
Source: http://www.newson6.com/Global/story.asp?S=10990445

55. August 25, WIRED - (National) Old American dams quietly become a multibillion-dollar threat. Dams are getting older in the United States. The average age of America's 80,000 dams is 51 years. More than 2,000 dams near population centers are in need of repair, according to statistics released this month by the Association of State Dam Safety Officials. Last year, 140 dams were fixed, but inspectors discovered 368 more that need help. That is why the American Society of Civil Engineers (ASCE) gave the nation's dams a grade of "D" in its 2009 report on the nation's infrastructure. There are just too many aging dams and too few safety inspectors. "With the huge number of dams getting older every day, it's becoming a bigger and bigger problem," said the deputy executive director of the ASCE. "The policing of maintenance and filing of inspection records is relatively haphazard, not because of lack of focus or knowledge of significance, but they just don't have the monetary resources to do it." The Association of State Dam Safety Officials estimates that $16 billion would be needed to fix all high-hazard dams. The total for all state dam-safety budgets is less than $60 million. The current maintenance budget does not match the scale of America's long-term modifications of its watersheds. There was little state or Federal regulation, particularly of the little dams in small watersheds, until the 1970s, when five major dam failures took hundreds of lives and caused almost $1.5 billion in damage. The Carter Administration began to put safeguards in place, but the inspections continue to be carried out at the state level. Worse still, more people are moving into risky areas. As the American population grows, dams that once could have failed without major repercussions are now upstream of cities and development. That is why the number of high-hazard dams has increased from less than 9,000 in 2001 to more than 10,000 now.
Source: http://www.wired.com/wiredscience/2009/08/agingdams/

[Return to top]


DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Website: http://www.dhs.gov/iaipdailyreport

Contact Information

Content and Suggestions: Send mail to [email protected] or contact the DHS Daily Report Team at (202) 312-3421
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to [email protected]

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at [email protected] or (202) 282-9201. To report cyber infrastructure incidents or to request information, please contact US-CERT at [email protected] or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.
