Homeland Security Current Nationwide Threat Level ELEVATED Daily Open Source Infrastructure Report for 5 November 2009 Significant Risk of Terrorist Attacks For information, click here: http://www.dhs.gov Top Stories Occupational Health and Safety reports the California Nurses Association/National Nurses Organizing Committee and Catholic Healthcare West hospital chain have reached a settlement that organizers say sets a national benchmark for protecting workers as well as patients and containing the spread of pandemics such as H1N1 on November 3. (See item 36) According to the Associated Press, an Army Special Forces soldier has been arrested following the discovery of about 100 pounds of explosives outside his Tennessee home. Federal and military officials searched his home on November 2 after a pair of hunters found the C-4 plastic explosive in a field by the house. (See item 41) Fast Jump Menu PRODUCTION INDUSTRIES • Energy • Chemical • Nuclear Reactors, Materials and Waste • Critical Manufacturing • Defense Industrial Base • Dams Sector SUSTENANCE AND HEALTH • Agriculture and Food • Water Sector • Public Health and Healthcare SERVICE INDUSTRIES • Banking and Finance • Transportation • Postal and Shipping • Information and Technology • Communications • Commercial Facilities FEDERAL AND STATE • Government Facilities • Emergency Services • National Monuments and Icons Energy Sector Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES-ISAC) [http://www.esisac.com] 1. November 4, Associated Press – (Utah) Explosion shakes homes as fire erupts at refinery. An explosion shook nearby homes as a fire broke out Wednesday at a -1- refinery about five miles north of Salt Lake City. No injuries were reported. Residents reported a “significant boom” with damage to several homes around the Silver Eagle Refinery in Woods Cross the South Davis Metro Fire Deputy Chief said. The fire was contained but not yet out, said a company vice president. The vice-president said a brief power outage was reported at the nearby Holly and Flying J refineries in West Bountiful, causing generators to kick in. Steam and fire were released as a safety measure, he said. Silver Eagle had a similar outage and a diesel unit caught fire, said a public relations consultant for Silver Eagle Refinery. The chain of events remained unclear. The vice-president said his company believed a utility outage led to trouble at multiple refineries, but Rocky Mountain Power said it did not cause the problem. A Utility spokesman said the explosion at Silver Eagle briefly knocked out a 46,000-volt transmission line, leading to emergency measures at the refineries. The vice-president said the exact cause of the explosion also remained unclear, but the trouble started at a pipeline connecting two vessels. It was the second blaze this year at the Silver Eagle refinery. On January 12, four people were seriously burned when a 440,000 gallon storage tank caught fire and burned for 11 hours. Federal investigators said the ignition source may have been a gas heater or a refrigerator’s electric outlet in a utility shed about 160 feet from the tank. Source: http://www.google.com/hostednews/ap/article/ALeqM5j2QWcSKUcszoY2slcOR4wCo gD95gD9BOT72O0 2. November 4, Associated Press – (South Dakota) SD ranchers voice concerns about Keystone pipeline. Ranchers who live along the route of a crude oil pipeline that TransCanada Keystone wants to build across western South Dakota said Tuesday they are worried about oil spills and damage to their land, water and roads. More than 50 landowners and others showed up at a public hearing Tuesday night about the 313-mile Keystone XL pipeline. The meeting was organized by the South Dakota Public Utilities Commission, which is holding a formal hearing this week on TransCanada Keystone’s application for a construction permit. The landowners’ comments will not be submitted as formal evidence, but the three commissioners will consider their remarks at the formal hearing. If they approve the construction permit, the commissioners could also take into account the landowners’ comments when setting conditions. A resident of Mud Butte and other ranchers told the public hearing they did not trust TransCanada Keystone because its employees had already violated some agreements. He said he agreed to allow a company agent to conduct a survey on his land, but that the agreement was broken when a company vehicle drove in the wrong place, which he said amounted to trespass. The proposed pipeline would deliver up to 900,000 barrels a day of Alberta tar sands crude oil from near Hardisty, Alberta to Gulf Coast terminals and refineries in Texas. It would enter South Dakota from Montana in Harding County and run through Butte, Perkins, Meade, Pennington, Haakon, Jones, Lyman and Tripp counties before entering Nebraska. Source: http://www.newsday.com/business/sd-ranchers-voice-concerns-aboutkeystone-pipeline-1.1568097 -2- 3. November 4, Reuters – (New York) Fire damages Con Ed transformer in Dunwoodie, NY. A fire consumed a 345-kilovolt power transformer at Consolidated Edison Inc’s Dunwoodie substation in Yonkers, New York, early Wednesday morning, a company spokesman said. He said the fire affected only one of the station’s many transformers and did not cause any injuries or cut off service to any customers. Transformers use a type of non hazardous mineral oil for cooling. It was the mineral oil inside the transformer that burned, the spokesman said. The fire started at about 5 a.m. Eastern time and was under control by about 8:45 a.m. on Wednesday, a Con Edison spokeswoman said. With many redundant systems at the substation, the spokesman said the company was able to continue to moving power through the station despite the fire. Source: http://www.reuters.com/article/rbssIndustryMaterialsUtilitiesNews/idUSN0454809320 091104 4. November 3, Maine Public Broadcasting Network – (Maine) Copper thieves strike at Bangor hydro substation — again. Bangor Hydro Electric Company is again repairing a substation in its northern service territory after thieves stole copper wire from the facility for the second time in less than a week. Company officials say crews finished repairing damage from the first theft on Friday, only to return Monday to discover that the newly-installed copper wire had also been stolen. The Bangor Hydro Safety Officer said the company is working with the Sheriff’s Department and the Maine State Police to find the thieves. He said they are not only damaging Bangor Hydro equipment, they are putting employees - and themselves - at risk. Company officials declined to name the specific substation targeted by the thieves, but they say they have increased surveillance at their substations and are installing motion detectors and other equipment at an increasing number of them. They say stolen copper is very expensive to replace and repairs can result in customer outages. Source: http://www.mpbn.net/News/MaineHeadlineNews/tabid/968/ctl/ViewItem/mid/3479/Ite mId/9626/Default.aspx 5. November 3, Fort Worth Star-Telegram – (Texas) Thieves target solar panels, copper wiring at gas wells. Solar panels and copper wiring are disappearing from gas well sites in Johnson County, and the Sheriff’s Department is asking for the public’s help to catch the thieves. The copper is likely being sold for scrap the sheriff said Tuesday. But the solar panels could be used on ranches, other gas production sites or even to produce electricity to grow marijuana, he said. The thefts have being going on for about two weeks, he said. Source: http://www.star-telegram.com/crime_courts/story/1734274.html 6. November 3, WKRC 12 Cincinnati – (Ohio) Police arrest man in theft of high voltage wires. A 29 year-old man is charged with nine felony counts for stealing copper ground wire from Duke Energy substations, but experts say, he is lucky he was not electrocuted. The man has hit numerous Duke installations recently. He cut the fence at this substation last Thursday, robbed another one minutes later, another one Saturday, and another one Monday. The man has told police he has been robbing Duke -3- substations for the last four months, hitting a couple of them each week. Last week, he got between two and five thousand dollars of copper wire each time, but he also caused tens of thousands of dollars in damage which gets passed on to customers. Source: http://www.local12.com/mostpopular/story/Police-Arrest-Man-in-Theft-ofHigh-Voltage-Wires/1H234uvzMU-oh3Ngh06wgw.cspx [Return to top] Chemical Industry Sector 7. November 4, Journal of Commerce – (National) Clorox ending chlorine use, shipping. The Clorox Company says it will stop using chlorine in its signature bleach product because of growing concerns over the safety and oversight of transporting the product on railroads. The company says it will phase in a switch from chlorine to other chemicals in its Clorox bleach at its main factory in Fairfield, California, over the next six months and at other sites in coming years. A company spokesman told The Associated Press the household product maker’s goal is “ultimately to eliminate the transportation of chlorine from our U.S. supply chain.” The shipping of chlorine and other potentially hazardous chemicals has come under greater scrutiny in recent years following fatal accidents on the rails, including one in Graniteville, S.C., in 2005 in which eight people died. Chlorine gas was among the chemicals released in that accident. “By transitioning to a new manufacturing process now, that allows us to stay ahead of regulations and potentially avoid costs,” a spokesman told the AP. “With the regulatory environment we’re in now, the transportation of different chemicals is being scrutinized maybe more than ever before.” Source: http://www.joc.com/node/414393 8. November 3, Associated Press – (New York) Toxic chemicals mixed in 2 upstate NY suicides. Two men in upstate New York have died less than a week apart by asphyxiation from intentionally inhaling toxic mixes of household chemicals while seated in their cars, authorities say. The names of the 21-year-old victim from near East Bloomfield and the 22-year-old victim from Berkeley, Califonia were not released and authorities did not know if the two suicides were somehow related, an Ontario County Sheriff said Tuesday. Each man left a sign on his car window warning emergency crews not to open the doors because of toxic fumes. The New York man was found dead Monday at a park in East Bloomfield in Ontario County. The sheriff said an autopsy determined he intentionally mixed chemicals to create lethal hydrogen sulfide gas. The California man was found dead last week some 50 miles away in Cayuga County. He also died by mixing similar chemicals after parking along a highway, authorities say. The sheriff said he has never handled a suicide by hydrogen sulfide. The New York Health Department could not immediately provide a number on hydrogen sulfide suicides. Source: http://www.pe.com/ap_news/California/NY_Body_Found_Chemicals_454885C.shtml -4- 9. November 3, WIFR 41 Rockford – (Illinois) Chemical spill at J&M Plating in Rockford. Authorities say a hydrochloric acid spill took place in the basement of J&M Plating in Rockford, Illinois. The acid is used to make fertilizers, dyes, as well as clean metal products. It is highly corrosive and can cause respiratory problems if inhaled. There were 15 workers inside the plant at the time, but no one was hurt because of the spill. Fire fighters say there was one injury from an unrelated incident. Source: http://www.wifr.com/news/headlines/69028232.html For another story, see item 29 [Return to top] Nuclear Reactors, Materials and Waste Sector 10. October 30, U.S. Nuclear Regulatory Commission – (National) NRC cites Wal-Mart for violations in handling tritium exit signs. The Nuclear Regulatory Commission (NRC) has cited Wal-Mart Stores, Inc., with four violations concerning improper disposal and transfer of tritium exit signs at its stores throughout the United States and Puerto Rico. The violations, issued October 28, concerned the improper transfer or disposal of 2,462 signs from Wal-Mart stores in states under NRC jurisdiction between 2000 and 2008, and the improper transfer of an additional 517 signs between various Wal-Mart facilities. The company also failed to appoint an official responsible for complying with regulatory requirements and failed to report broken or damaged signs as required. Exit signs containing tritium, a radioactive isotope of hydrogen, pose little threat to public health and safety and do not constitute a security risk. However, the NRC requires proper recordkeeping and disposal of the signs because a damaged or broken sign could cause minor radioactive contamination of the immediate vicinity, requiring environmental clean up. Source: http://www.nrc.gov/reading-rm/doc-collections/news/2009/09-180.html [Return to top] Critical Manufacturing Sector 11. November 4, Reliable Plant – (Ohio) Columbus Steel Castings cited for 19 safety/health violations. The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has cited Columbus Steel Castings Company in Columbus, Ohio, with proposed penalties totaling $102,000 for alleged serious and repeat violations of federal workplace safety and health standards. Columbus Steel Castings has been cited with four repeat violations, with proposed penalties of $62,500, for failure to enforce hazardous energy control, apply a lock on an energy isolation device, to guard the point of operation on a jag press, inadequate protection against welding rays, airborne overexposures to silica and failure to implement engineering or administrative controls for silica overexposures. OSHA issues a repeat violation when an employer has been cited in the past and the agency finds a substantially similar violation of any of the company’s facilities in federal enforcement states. The company -5- also has received citations for 12 serious violations, with proposed fines of $39,500. Some of the violations address the company’s failure to provide adequate training on hazardous energy control, flashback protection on fuel-gas torches, to have procedures for selection of respirators, to provide inspection, maintenance and cleaning procedures for respirators, overexposure prevention to hexavalent chromium and proper training for airborne exposures to cadmium and lead. A serious citation is issued when there is substantial probability that death or serious physical harm could result from a hazard about which the employer knew or should have known. Source: http://www.reliableplant.com/article.aspx?articleid=21014&pagetitle=Columbus+Steel +Castings+cited+for+19+safety/health+violations 12. November 3, Detroit Free Press – (National) Floor mats cited in Toyota recall. The National Highway Traffic Safety Administration has found no evidence of mechanical causes of unintended acceleration in Toyota vehicles, which has resulted in fatalities and Toyota’s largest-ever recall, one of the company’s top marketing executives said November 2. Toyota, which is asking owners of 3.8 million of its Camry, Avalon, Prius, Tacoma and Tundra models to remove or replace the mats, also characterized the problem of floor mat interference as an industry safety issue. NHTSA received reports of 102 incidents in which the accelerator may have become stuck on certain Toyotas. The agency has not said how many of those incidents involved crashes. But an August accident near San Diego killed a California Highway Patrol officer and three family members when the Lexus ES350 he was driving barreled out of control. In a 911 call, someone in the vehicle reported the accelerator was stuck and the driver could not stop the vehicle. Toyota is mailing letters this week asking affected owners to make sure they have the correct driver-side floor mat for their model. If so, it must be fastened to hooks on the floor. If not, owners should remove it. Toyota also warns owners not to flip the floor mat over or place one mat on top of another. Source: http://www.freep.com/article/20091103/BUSINESS01/911030370/1322/Floormats-cited-in-Toyota-recall 13. November 1, KickingTires – (National) Recall alert: 39,600 Mazda B series trucks. Mazda has issued a recall for 39,600 Mazda B Series pickup trucks from the 1995-1997 and 2001-2003 model years, according to the National Highway Traffic Safety Administration. The only pickups being recalled are those equipped with the Texas Instruments speed-control deactivation switch and/or antilock brake system manufactured before December 5, 2002. Part of the cruise control deactivation switch may corrode over time, possibly leaking. This could lead the switch to overheat, which may start a fire under the hood. This could happen even if the engine is not running. Mazda dealers will install a universal fused jumper harness on the deactivation switch for free. Source: http://blogs.cars.com/kickingtires/2009/11/recall-alert-39600-mazda-b-seriestrucks.html [Return to top] -6- Defense Industrial Base Sector 14. November 3, Air Force Times – (National) SBIRS program faces new 12- to 18month delay. The Air Force’s embattled Space Based Infrared System (SBIRS) program faces another delay — this time of 12 to 18 months, according to defense and industry officials. The SBIRS initiative, being developed for the air service by Lockheed Martin, has been plagued by numerous cost overruns and schedule delays over the years. Technical problems have forced changes to the date Lockheed was slated to deliver the first SBIRS missile early warning satellite to the service. And now it will take Lockheed another year or 18 months to wrap up testing and deliver that first SBIRS orbiter, the U.S. Strategic Command chief said. The StratCom chief said the long-troubled satellite program is but one example of how the U.S. military’s space community has encountered turbulence managing major development programs. The new plan is for Lockheed to deliver the first satellite by the end of September 2010, about one year later than the last planned delivery date. While the StratCom chief had pointed to software problems as fueling the delivery slip, a Lockheed spokesman said it was triggered by a collection of testing-related issues. Program officials, aiming for caution after previous problems, over the last year have inserted more test events into the SBIRS schedule. A few other tests took longer than first anticipated, he said. Lockheed space officials “refuse to cut corners ... because, given this mission, we have to get this exactly right.” Program officials also will continue doing “day-in-the-life” tests, during which they simulate how operators will use the platforms. These rounds of testing, the spokesman said, “are typically a sign of maturity” and no problems have shown up so far. Source: http://www.airforcetimes.com/news/2009/11/defense_sbirs_lockheed_110309/ 15. November 3, Online Defense and Acquisition Journal – (National) F136 needs new lug nut; testing again by Xmas. The second engine for the Joint Strike Fighter needs a fancy lug nut redesigned and should be back up on the test stand by the end of the year, a GE spokesman says. The program has been dogged by rumors that it faced a potentially significant redesign of its combustor but the real problem lies with a lug that attaches the diffuser to the combustor, a GE spokesman. “The actual combustor will not have to be redesigned,” he said. The lug in question is about the size of a small fingernail. The company will know in a few days whether it can proceed with a temporary fix or should pursue a permanent redesign of the lug, he said. He also said the company was not sure whether the problem with the lug lay with its supplier or if it is a design problem: “We don’t know exactly yet. We think it’s a design issue.” The company has not finished its highly detailed failure analysis yet. Once the lug issue is resolved, GE/Rolls Royce expect to have three engines functioning “early in the new year,” the spokesman said, including the one taken off the test stand in early October after the lug failed. He rebuffed claims that the F136 is lagging far behind Pratt & Whitney in its testing program. Critics say GE only has 52 hours of testing and has suffered four failures during SDD while Pratt’s engine had undergone 700 hours of SDD testing with no failures at roughly the same point in the program. The engine’s fundamentals are all where the company wants to see them at this point, he said, saying thrust, heat and wear data are all looking good. He said the company has had to go slow -7- at this phase in the program because “you have to put 2,000 sensors on the engine.” Two of the four engine shutdowns occurred after testing sensors got sucked into the engine. One was the problem with bearing clearance that was resolved pretty quickly. And the fourth and most recent failure involved was the lug nut. Source: http://www.dodbuzz.com/2009/11/03/f136-needs-new-lug-nut-testing-byxmas/ 16. November 3, Nextgov – (National) Defense’s space program weighed down by delays and cost overruns. Mismanagement has led to delays and multibillion-dollar cost overruns in the Defense Department’s space program, according to a report the Government Accountability Office released on November 3. Defense plans to spend more than $50 billion to develop eight space systems that will provide communications, global positioning, weather data, and missile warning information, GAO reported. The systems consist of two main components: satellites and ground control systems, which often include a third component called user terminals that troops use to access the space systems from the battlefield. GAO said the programs have been delayed as long as seven years and costs are estimated to increase $11 billion from fiscal 2008 through fiscal 2013. The buildout of ground systems lags the development of the satellites because Defense has diverted funding from the ground systems program to the satellites to cover funding shortages. “This means that mission-capable satellites may be in orbit for months or years, but warfighters and others would be unable to use the full complement of the satellites’ capabilities,” the report stated. Defense also has not properly aligned the delivery of the ground control systems with the satellites, compromising the systems’ performance. In many cases, the gap between the rollout of capabilities in space and on the ground is several years. For six of the eight systems, Defense has not aligned delivery of the ground control systems with the satellites. Additionally, three of the ground control systems are not aligned to deliver their functionality and none of the five systems requiring user terminals was aligned properly. Source: http://www.nextgov.com/nextgov/ng_20091103_2760.php?oref=topnews [Return to top] Banking and Finance Sector 17. November 4, New York Times – (New York) S.E.C. taps hedge fund counsel to lead unit. Amid continuing reports of insider trading and Ponzi schemes linked to hedge funds, the Securities and Exchange Commission said Tuesday it had named a hedge fund general counsel to lead its New York examinations group. The general counsel, who assumes in the post in in January, will head up a staff of approximately 100 accountants and examiners responsible for the inspections of investment advisers and hedge funds in the New York region, the S.E.C. said Tuesday. Source: http://dealbook.blogs.nytimes.com/2009/11/04/sec-taps-hedge-fund-counselto-lead-unit/ -8- 18. November 4, Insurance and Financial Advisor – (California) Organizer of $64 million California Ponzi scheme gets 25 years in jail. A California man who orchestrated a $64 million Ponzi scheme promising huge returns to investors through a bond-trading program and life insurance pool to aid local churches will spend the next 300 months in a federal prison. A 41 year-old man, formerly of Westlake Village, California, was sentenced following a two-day hearing in a U.S. District Court in Los Angeles. He pleaded guilty last year to 19 felony counts, including conspiracy, wire fraud and money laundering. The convicted schemer, originally indicted in 2006, must also pay $44 million in restitution, according to the U.S. States Attorney’s Office for the Central District of California. The judge said the man’s 25-year prison term was warranted because of the danger he poses to the community, his unwillingness to accept responsibility for the fraud scheme and the deterrent effect the lengthy prison term would have on others. Source: http://ifawebnews.com/2009/11/04/organizer-of-64-million-california-ponzischeme-gets-25-years-in-jail/ 19. November 3, CNET – (National) Corporate bank accounts targeted in online fraud. Criminals have tried to steal an estimated $100 million from corporate bank accounts using targeted malware and money mules, the FBI said on Tuesday. “Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts,” the agency said in a statement. The FBI is seeing, on average, several new victim complaints and cases every week, according to a report prepared by the Internet Crime Complaint Center and linked to in the FBI release. A reporter for The Washington Post’s Security Fix blog said last week that the FBI puts losses from online fraud involving malware and money mules at around $40 million. He is keeping a running list of businesses who have been victims of online theft and detailing the attacks. Criminals are shifting their focus to stealing online bank credentials from businesses instead of consumers because there is more money in the corporate bank accounts to plunder, according to the chief technical officer of browser security vendor Trusteer. Source: http://news.cnet.com/8301-27080_3-10390118-245.html 20. November 3, The Examiner – (New Jersey) New Jersey criminal corruption sting largest in history. A FBI informant turned witness for the federal government in the largest New Jersey criminal corruption sting in its history emerged recently from the federal protection program long enough to plead guilty to a $50 million bank fraud. The 37 year-old man pleaded guilty in federal court in Newark to one count each of moneylaundering and bank fraud, charges that can put him in prison for up to 11 years. As the man stood before a U.S. District Judge in Newark in his less than 30-minute appearance he entered pleas to separate counts of bank fraud and money laundering in connection with two bogus checks totaling more than $50 million that he tried to deposit at the PNC Bank. “I am guilty your honor,” he declared, firmly and without hesitation. Later in Monmouth County, the scene was repeated before a Superior Court Judge in Freehold, where he pled to similar state charges. -9- Source: http://www.examiner.com/x-8642-LA-National-SecurityExaminer~y2009m11d3-New-Jersey-criminal-corruption-sting-largest-in-history 21. November 3, Associated Press – (Florida) More than 100 arrested for mortgage fraud, feds say. A federal prosecutor says a crackdown on organized mortgage fraud this year has yielded 105 arrests from Jacksonville to Fort Myers. The U.S. attorney for Florida’s middle district announced the results of the nine-month investigation at news conferences Tuesday in Fort Myers and Tampa. He said the fraudulent loans totaled more than $400 million and involved more than 700 properties. Defendants include mortgage brokers, Realtors, lenders, sellers and buyers. He called the problem an “epidemic.” Florida’s middle district includes a swath that extends from Jacksonville to Fort Myers and includes the Orlando and Tampa areas. Source: http://www.foxnews.com/story/0,2933,571516,00.html [Return to top] Transportation Sector 22. November 4, Burlington Free Press – (New York) Video shows Champlain Bridge cracks. A video released Tuesday by the New York Department of Transportation (DOT) shows extensive cracking on at least one of the concrete piers supporting the closed Lake Champlain Bridge linking Addison to Crown Point, New York. Officials closed the bridge October 16 after discovering cracks in at least two concrete piers supporting the span. The closure has caused headaches for commuters who must take circuitous routes to get to work. Businesses near the bridge are crippled because the roughly 3,400 vehicles that crossed the span daily now go elsewhere, leaving the businesses with fewer customers. The underwater video was taken by divers who have been inspecting the piers to determine how extensive the cracking and damage is and to help engineers determine how best to fix the problem. The video, posted by the New York DOT on its Lake Champlain Bridge update page, shows a wide, wavering, diagonal crack extending along several feet of the pier below the water’s surface. Engineers say cracks with a relatively horizontal orientation, like some of the cracks in the piers, are particularly dangerous because the section of the pier above the crack could slip laterally. In a worst-case scenario, such a slip would make the bridge partly or wholly collapse, engineers have said. A New York DOT spokesman, echoing comments from Vermont officials, said he is optimistic a free ferry soon will operate just south of the closed bridge. The ferry would remain open all winter with ferries designed to move through or break ice, he said. Source: http://www.burlingtonfreepress.com/article/20091104/NEWS02/91104001 23. November 4, KOVR 13 Sacramento – (California) Crews working to clear train derailment in Davis. Crews are still working in Davis this morning to clean up after a Tuesday night train derailment in which three train cars came off the tracks spilling chemicals into residential backyards. The Davis Fire Department said the track failed under the weight of the California Northern train, but they are not sure why. Three cars jumped the track, and two overturned. Each car was carrying about 90 tons of lime, a - 10 - nontoxic mineral used in agriculture, according to authorities. Some of the lime spilled into nearby backyards, creating a mess for local residents. Residents were warned to stay out of their own yards in case the cars fall over completely – power lines could be taken down if they do fall, authorities said. Fire officials say the company will bring in a crane tomorrow to put the cars back on track. Passenger rail service is not being impacted. Source: http://cbs13.com/local/train.derailment.davis.2.1290148.html 24. November 4, North Platte Telegraph – (Nebraska) Officials: Chemical accident a learning experience. Concerns over the response to a recent chemical accident at Union Pacific’s Bailey Yard has caused railroad officials to reevaluate their protocols for dealing with incidents that involve hazardous materials. The chemical accident occurred on October 10, when four cars derailed within Bailey Yard. Three of the cars that derailed were tank cars that had been used to ship liquid chlorine. The regional director of corporate relations and media for Union Pacific Railroad said the tank cars did have some chlorine residue but were considered empty. He said a car foreman saw the derailment and evaluated the situation. The foreman determined that the cars were in good shape and that there were no leaks in the tank cars. Because there was no chemical spill involved, the North Platte Fire Department was not notified of the incident. While the outer tank did have some damage, there was no damage to the stronger inner tank or the valves. He also noted that there was no sign of a release and that the public was in no danger. After talking with fire officials about the incident, officials said Union Pacific will now contact the local fire department as a courtesy and precaution any time there is a derailment that involves a car with hazardous material. According to fire department officials, each of the tank cars had between 1,000 and 3,000 gallons of chlorine at the time of the accident. The capacity for a standard pressurized tank car is about 33,500 gallons. Source: http://www.nptelegraph.com/articles/2009/11/04/news/60004565.txt 25. November 4, WRC 4 Washington – (District of Columbia; Maryland; Virginia) Power outage cripples Metro services. A power outage at Metro’s headquarters led to massive problems systemwide November 4, allowing people to ride buses for free and shutting down WMATA’s Web site, call center and e-mail alert system. Metro said it experienced a power outage at about 2:45 a.m. that took down the data center responsible for communication functions. Buses and trains are running, but the bus fare boxes are not working, customers cannot make purchases with their debit cards and the public address system and telephones are down. The bus operations communication center is not able to communicate with buses out on the streets. MetroAccess online reservation system is not functioning. The NextBus system is also down. On Metrorail, customers are not able to purchase fare with their debit cards. Customers who want to charge their fare are limited to $20. There is no timetable for when the system will be back online, according to a WMATA spokeswoman, but the WMATA Web site did return at about 8:30 a.m. Source: http://www.nbcwashington.com/news/local-beat/Big-Problems-for-Metro69066202.html - 11 - 26. November 4, Digital Journal – (Missouri) Thunder Bay student jailed for flying stolen plane into U.S. A 31-year-old Thunder Bay, Ontario, man who caused a terror scare by crossing into U.S. airspace from Canada in a stolen Cessna has been jailed for two years. The man was sentenced to 24 months in prison on federal charges of interstate transportation of a stolen aircraft, importation of a stolen aircraft, and illegal entry, for flying a stolen Cessna 172 aircraft into the United States from Canada, said the acting U.S. attorney. According to fact filed in court, the man, who had been taking aviation classes at Confederation College of Applied Arts and Technology in Thunder Bay, stole a Cessna 172 training aircraft on April 6, 2009. He then flew the plane into U.S. air space causing the United States to scramble F-16 fighter planes to escort his flight while he maintained radio silence. Source: http://www.digitaljournal.com/article/281591 27. November 4, Associated Press – (Pennsylvania) Amid strike, Philly commuter train catches fire. A Philadelphia commuter train caught fire Wednesday, complicating the morning rush already hampered by the city’s transit strike. Officials said no injuries were reported. Flames could be seen shooting from the front of the Southeastern Pennsylvania Transportation Authority regional train shortly after 7 a.m. Wednesday. A big cloud of smoke also billowed from the train, which was heading east from the Overbrook station in West Philadelphia toward the Amtrak station in Center City. The sudden strike called early Tuesday by Transport Workers Union Local 234 all but crippled the agency, which averages more than 928,000 trips each weekday. The transit agency’s largest union walked away from negotiations on a new contract over disagreements on wage, pension and health care issues. The strike also affects buses that serve the suburbs in Bucks, Montgomery and Chester counties. Regional rail service is still operating, but trains have been delayed as they experienced larger-thannormal crowds. Source: http://www.msnbc.msn.com/id/33618603/ns/us_news-life/ For another story, see item 7 [Return to top] Postal and Shipping Sector Nothing to report [Return to top] Agriculture and Food Sector 28. November 4, Cattle Network – (Texas) USDA designates 69 additional counties in Texas as primary natural disaster areas. The U.S. Department of Agriculture has designated 69 counties in Texas as primary natural disaster areas because of losses caused by drought, above-normal temperatures and associated wildfires that that occurred during 2009. These 69 counties are in addition to 70 counties previously - 12 - designated as primary natural disaster areas earlier this year for the same reason. Source: http://www.cattlenetwork.com/USDA-Designates-69-Additional-Counties-inTexas-As-Primary-Natural-Disaster-Areas/2009-11-04/Article.aspx?oid=931890 29. November 3, U.S. Environmental Protection Agency – (Arizona) U.S. EPA takes enforcement action against the Wilbur-Ellis Company for 21 violations of federal pesticide law. The U.S. Environmental Protection Agency (EPA) has fined a California-based national distributor of agricultural products, the Wilbur-Ellis Company, $99,600 for 21 alleged violations of federal pesticide law. The case was the result of investigations conducted by regulators in Arizona, Idaho, Navajo Nation, Ft. Mojave Indian Tribe, and EPA’s Pacific Southwest and Pacific Northwest Regional Offices. Following a Fort Mojave Indian Tribe inspector’s discovery of a pesticide product with a single page copy of a label which appeared to be missing several key safety elements, the U.S. EPA requested that Arizona conduct an inspection of WilburEllis Company. In 2007, Arizona Department of Agriculture investigators found that the Wilbur-Ellis facility in Ehrenberg, Arizona was distributing and selling a misbranded pesticide, in violation of federal law. A separate inspection in 2008 by Arizona Department of Agriculture investigators found that Wilbur-Ellis was distributing a minimum risk pesticide with a label that failed to meet the regulatory requirements. U.S. EPA Region 10 inspectors documented distribution of a Restricted Use Pesticide by Wilbur-Ellis Company to a non-certified applicator at Yakima, WA. The Wilbur-Ellis Company has agreed to pay the fine to resolve this enforcement action. Source: http://yosemite.epa.gov/opa/admpress.nsf/0/642D8A04D36E7BF085257663005FA0F6 30. November 3, U.S. Environmental Protection Agency – (Alaska) Fish processing plant in Haines, Alaska faces a possible $177,500 fine for discharging fish waste without a permit. The U.S. Environmental Protection Agency (EPA) has filed a complaint against Chilkoot Fish & Caviar, Inc. for violations of the federal Clean Water Act. The violations occurred at Chilkoot’s fish processing plant located at Mile 5 Lutak Road in Haines, Alaska. The company, which repeatedly violated its permit over a four year period, could face a penalty of $177,550, the maximum civil penalty allowed under the Clean Water Act. EPA alleges that Chilkoot violated the Clean Water Act by discharging fish processing waste into Lutak Inlet without a National Pollutant Discharge Elimination System (NPDES) permit. The administrative complaint alleges illegal discharge activities from May to October in 2004, 2005, 2006 and 2007. Fish wastes are the unused portions of the processed fish. The permit requires processors to grind the waste to 1/2 inch size or less. From 2004 through 2007, Chilkoot processed over 824,000 pounds of fish waste. “Fish processing waste, especially from shorebased facilities, can cause serious harm to the marine environment in the surrounding area,” said the EPA’s Director of Compliance and Enforcement in Seattle. Source: http://yosemite.epa.gov/opa/admpress.nsf/0/F9A20FB5E525FFC78525766400024014 [Return to top] - 13 - Water Sector 31. November 3, Water Technology Online – (Guam) Official, meter maker say Guam story was inaccurate. An official with the organization that oversees the Guam Waterworks Authority (GWA), as well as a spokesman for a manufacturer of water meters used by the waterworks, say that the local newspaper, the Pacific Daily News, recently incorrectly reported information about the island’s water meter-reading systems. The chairman of the Consolidated Commission on Utilities, the waterworks overseer agency, responded in a November 4 letter to the editor in the Pacific Daily News, commenting on its stories. He said the purpose of the letter is to “correct misperceptions caused” by the stories. He referred to an October 22 Pacific Daily News story in which he says the paper “incorrectly reported that 7,000 non-working transponders meant 7,000 water meters were not being read accurately.” Instead, he said, a non-working transponder “does not mean the meter is incorrectly reading consumption, only that the auto-transmitting of info to the meter reader was failing. In these cases, GWA crews must read the meter manually but an accurate reading of customer use is still obtained.” Source: http://watertechonline.com/news.asp?N_ID=72881 32. November 3, Water Technology Online – (Missouri) Chlorides in well water could spell trouble: city. Although the drinking water here meets all federal safe drinking water standards, the presence of chlorides in supply wells is an indication that trace levels of other contaminants also may be lurking in source water, the Columbia Missourian reported November 3. An environmental engineer who sits on the city’s Environment and Energy Commission as well as the Water and Light Advisory Board, said the source of the chlorides is treated wastewater. The treated effluent, although funneled far from the supply wells in the Missouri River bottoms at McBaine, is finding its way into the city’s supply. He said that means that other potentially harmful contaminants, such as pharmaceuticals and household chemicals, also could be in the city’s source water. The city had been considering a proposal to drill a new well near the existing wells with elevated levels of chlorides. City Council members decided at a November 3 meeting to postpone moving forward on the well-drilling project to allow for further study of proposed placement of the well, the report said. Source: http://www.watertechonline.com/news.asp?N_ID=72880 33. November 2, WBOY 12 Clarksburg – (West Virginia) Grant Town braces for winter water problems. For the first time in 10 days, Grant Town, West Virginia, has drinkable water. The town has been on a boil water advisory due to multiple leaks in the water system. Even though those leaks are fixed for the moment, town officials warn the worst may be still to come. “In my opinion and the water commissioners opinion, this water system is failing,” said the Grant Town mayor. The water lines in Grant Town date back to the 1940’s. With cold weather and heavy traffic, lines break frequently. “With the amount of leaks we’ve had just recently, seven leaks in a week! That’s unheard of, we’ve never had that many problems before,” said the mayor. Grant Town has secured $1.5 million in a small cities block grant and a $1.7 million loan through West Virginia Infrastructure to update its entire water system. The town is still - 14 - in the process of negotiating right of ways, before work can begin. “It’s about a two month bid period, so we hope to award the project soon and start digging by January or February of next year,” he said. Until then, the town is bracing for a bad winter for water. It has already sent a letter to each household telling residents to stockpile drinking water. Town officials have already contacted the Office of Emergency Services in Marion County asking for help this winter supplying drinking water to residents in town. Source: http://www.wboy.com/story.cfm?func=viewstory&storyid=69585 34. November 2, Ocala Star-Bannner – (Florida) Contaminated water tanks at landfill damaged. An unprecedented pair of lightning strikes has severely damaged a storage system used to hold contaminated water at Baseline Landfill, prompting Marion County, Florida, officials to move quickly to get the unit operating back at full capacity. According to county officials, lightning hit a massive 30,000-gallon tank at the landfill in September, rendering the tank irreparable. A second tank the same size that was struck in October was temporarily inoperable but has been recently repaired. The county has four such tanks, made of reinforced fiberglass, to store polluted water that is trapped by a piping system beneath the 80-foot-plus-high mound of garbage. The foul fluid is then shipped in 15,000-gallon-increments to a county wastewater treatment plant in Silver Springs for disposal. The assistant director of the Solid Waste Department, said the tanks were each two-thirds to three-quarters full at the time of the incidents. The water within the tanks, he said, is “heavily laden” with a mix of contaminants, including organic by-products like nitrogen, ammonia and phosphorous but also elements like lead, cadmium, arsenic, benzene and petroleum residue. While he described one tank as having a “fairly good flow” from spider-web-like cracks in its shell following the lightning strike, there was no threat to the environment or to the local drinking-water supply, he said. That is because the tanks are housed in a special confinement area at the landfill to safeguard against such incidents. On Tuesday, the County Commission will consider a $54,837 emergency contract for replacing the tank. If approved, the work should take about 45 days. Source: http://www.waterworld.com/index/display/news_display/137288392.html [Return to top] Public Health and Healthcare Sector 35. November 4, Associated Press and WCPO 9 Cincinnati – (National) Congress holds hearing on H1N1 vaccine shortage. A House committee looked into the federal response to the H1N1 virus at a hearing today on Capitol Hill. The head of the Centers for Disease Control and Prevention can expect some tough questioning about the availability of the swine flu vaccine. Meanwhile, a senior House lawmaker is seeking a quick floor vote on a bill to guarantee five paid sick days to workers if their employer tells them to stay home with swine flu or a similar contagious illness. The House Education and Labor Committee chairman says his measure would protect about 50 million workers with no paid sick leave. - 15 - Source: http://www.wcpo.com/news/local/story/Congress-Holds-Hearing-On-H1N1Vaccine-Shortage/w9unn47oZ0S2Ns4-EUzX9g.cspx 36. November 3, Occupational Health and Safety – (California; Nevada) Nurses, hospital reach ‘historic agreement’ on pandemic protection. In what is being hailed as an “historic agreement,” the California Nurses Association/National Nurses Organizing Committee (CNA/NNOC) and Catholic Healthcare West hospital chain have reached a settlement that organizers say sets a national benchmark for protecting workers as well as patients and containing the spread of pandemics such as H1N1. The settlement, which averted a strike that had been set for October 30, covers 13,000 registered nurses in 32 CHW facilities in California and Nevada. According to the agreement, the hospital chain will ensure safe staffing standards, reduce the assignment of RNs to areas outside their clinical expertise or orientation, and prevent management’s proposed reduction in nurses’ health care coverage. Importantly to CAN/NNOC, the agreement also creates a new system-wide emergency task force, comprised of CNA/NNOC RNs and hospital representatives following the declaration of pandemic emergencies. The task force set up by the settlement will monitor system-wide preparedness and set uniform standards on full implementation of federal, state, and local guidelines, availability of on-site protective safety equipment, communication and training policies for all hospital personnel, and other needed steps, such as consideration of off-site emergency triage and treatment. Source: http://ohsonline.com/Articles/2009/11/03/Nurses-Reach-HistoricAgreement.aspx 37. November 3, Chicago Examiner – (National) CDC study finds two antibiotics linked to birth defects. Researchers from the Centers for Disease Control and Prevention (CDC) have linked the prenatal use of two types of antibiotics to an increased risk of birth defects. The antibiotics in question are nitrofurantoins and sulfonamides, also known as sulfa drugs. These antibiotics are used to treat urinary tract infections, bronchitis, pneumonia, and other types of bacterial infections. The researchers analyzed the antibiotic usage of 13,155 women whose babies had one of more than 30 birth defects and 4941 women whose babies did not have these birth defects. All the women had used antibiotics during the period of one month before pregnancy and the end of the first trimester.Common brand names for nitrofurantoin antibiotics are Furadantin, Macrobid, Macrodantin. Common brand names for sulfonamides include Bactrim and Septra. Source: http://www.examiner.com/x-26424-Indianapolis-Healthy-LivingExaminer~y2009m11d3-CDC-study-finds-two-antibiotics-linked-to-birth-defects [Return to top] Government Facilities Sector 38. November 4, Augusta Chronicle – (Georgia) NRC inspectors find minor violations at MOX. The Nuclear Regulatory Commission’s (NRC) most recent round of inspections at the U.S. Energy Department’s mixed oxide fuel facility yielded four notices of - 16 - violation for mostly minor infractions, according to a copy of the report made public Tuesday. Inspectors, who conducted extensive reviews at the construction site from July 1 to September 30, also noted many programs — including the placement of concrete and steel — were adequate. The $4.8 million MOX facility, scheduled to open at Savannah River Site in 2016, is designed to dispose of 34 metric tons of surplus weapons-grade plutonium by using small amounts to make fuel for commercial reactors. The inspections evaluated construction of principal structures and included quality assurance activities related to design verification and documentation control; problem identification, resolution and corrective actions; structural steel and support activities; structural concrete activities; and geotechnical foundation activities, the report said. All were “performed in a safe and quality related manner and in accordance with procedures and work packages.” The four violations identified by the NRC were assigned a priority level of IV — the least serious on the agency’s scale: Source: http://chronicle.augusta.com/stories/2009/11/04/met_554400.shtml 39. November 3, Associated Press – (Washington) Oakland man, four other demonstrators arrested at Washington nuke sub base. Five anti-war demonstrators — including an Oakland man — were arrested after cutting through a security fence at the nuclear missile storage facility for Trident submarines at Naval Base KitsapBangor. The Kitsap Sun reports they carried a banner that said, “Disarm Now Plowshares: Trident: Illegal and Immoral.” A Navy spokesman says an alarm went off when the group entered at 6:30 a.m. today, and they were arrested on suspicion of trespass and destruction of government property, cited and released. The five individuals were all over 60 years of age and included a Catholic priest and nun. Source: http://www.contracostatimes.com/news/ci_13703786 40. November 3, Bay City News – (California) Protest at Pelosi’s SF office ends in arrests. About a dozen people were arrested Tuesday afternoon after refusing to leave the House Speaker’s office on Seventh Street in San Francisco, the protesters and the Speaker’s spokesman said. The group had gathered to demand that the Speaker make a bigger push in Congress for single-payer health care a member of the Gray Panthers who participated. The protester said the group represented a number of organizations including Direct Action for Single Payer, the California Alliance for Retired Americans, the Gray Panthers and others. About 12 members of the group were arrested around 2:30 p.m. by the Federal Protective Service, which provides security at the building, a spokesman for the House Speaker said. Source: http://cbs5.com/politics/pelosi.healthcare.protest.2.1290169.html 41. November 2, Associated Press – (Kentucky; Tennessee) Soldier arrested on explosives charge. An Army Special Forces soldier has been arrested following the discovery of about 100 pounds of explosives outside his Tennessee home. Federal and military officials searched his home early Monday morning after a pair of hunters found the C-4 plastic explosive in a field by the house outside Clarksville. The house is near Fort Campbell, a sprawling Army post on the Tennessee-Kentucky border where the soldier is based. A spokeswoman for Army Special Forces at Fort Campbell, said the soldier, who was not identified, is currently being held in the county jail. The - 17 - spokeswoman said the search was conducted by agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives, the FBI and U.S. Army criminal investigators. A spokesman for the Montgomery County sheriff, said the explosives found late Sunday evening appeared to be military ordnance. Another Fort Campbell soldier was arrested in October and charged with selling four stolen hand grenades and a stolen anti-tank rocket to an undercover officer in Tennessee. Source: http://www.military.com/news/article/soldier-arrested-on-explosivescharge.html?col=1186032325324 [Return to top] Emergency Services Sector 42. November 3, Thibodaux Daily Comet – (Louisiana) Truck slams into Thibodaux fire station. A truck slammed into the Thibodaux Fire Department’s Bowie station Monday morning, shattering the station’s toilets, damaging walls and briefly flooding the building following a three-car wreck in front of the station. No one was hurt in the collision, Louisiana State Police said. Damage to the fire station, which is one company of the Thibodaux Volunteer Fire Department, was described by State Police as minor to moderate. The wreck will not affect fire-fighting operations in the area, Thibodaux’s fire chief said. Source: http://www.dailycomet.com/article/20091103/ARTICLES/911039934/1030/OPINION 02?Title=Truck-slams-into-Thibodaux-fire-station [Return to top] Information Technology Sector 43. November 4, The Register – (International) Newfangled cookie attack steals/poisons website creds. A security researcher has discovered a weakness in a core browser protocol that compromises the security of Google, Facebook, and other websites by allowing an attacker to tamper with the cookies they set. The weakness stems from RFC 2965, which dictates that browsers must allow subdomains, such as www.google.com, to set and read cookies for their parent (google.com). The specification also states that if a cookie for a subdomain does not already exist, the browser should use the cookie belonging to the parent instead. The arrangement makes it possible for attackers to steal or even alter the cookies that websites use to authenticate their users. Attackers would first have to identify an XSS, or cross-site scripting, bug in some part of the site they are targeting. But because virtually any subdomain will suffice, the scenario is not unrealistic, two web security experts said. “Most websites actually will store session IDs in a cookie and that’s actually how they keep track of users throughout the use of their website,” said a senior researcher for Foreground Security who first documented the flaw at last month’s Toorcon hacker conference. “Using the same techniques to attack those cookies, I can really damage sessions and cause some problems.” The researcher’s paper goes on to demonstrate - 18 - how he used the technique to bypass a feature Google recently implemented to beef up security on Gmail and other properties. By exploiting a minor vulnerability in sites.google.com, he was able to falsify the contents of his global Google cookie. Google has since fixed the XSS hole in the subdomain. Source: http://www.theregister.co.uk/2009/11/04/website_cookie_stealing/ 44. November 4, IBTimes – (International) Illegal file-sharing growth has led to spurt in cyber crimes: McAfee. Attempts to bring internet pirates to justice have only resulted in growth of cyber crimes, internet and network security services provider McAfee Inc. has warned. In August, when Swedish authorities tried to shut down The Pirate Bay, a torrent site that provided internet links of sites hosting unauthorised, copyrighted content, it only prompted Pirate Bay users to look for a new place to download the copyrighted material, prompting several The Pirate Bay-like sites to be launched. “Once it was temporarily shut down, those people still wanted the torrents so they went elsewhere, and that meant lots of other sites popped up to take advantage – we saw a 300 percent increase in sites hosting and distributing movies and software,” PC Pro quoted a McAfee security analyst, as saying. “This was a true ‘cloud computing’ effort,” McAfee said in its Threats Report for the third quarter. “The masses stepped up to make this database of torrents available to others. The Pirate Bay example shows how difficult it is to ‘stop’ data once it is on the web,” the report said. “A website can be shut down, but anyone who has accessed the content may still be able to redistribute it.” Though the news that state authorities are fighting a losing battle against internet piracy may be welcomed by torrent users, the surge in such users have also helped cyber criminals to increase their attacks on unsuspecting victims, McAfee warned. With the increase in torrent sites, cyber criminals are also putting up look-alike malware-infested sits on the internet “to trick users looking to download copyrighted material into downloading malicious programmes.” “Many of these (malicious) sites sprang up to scam users of The Pirate Bay who were looking for a new place to download copyrighted material,” McAfee said, adding that the number of such sites will increase during the fall and the Oscar season. McAfee has also noticed that cyber criminals have become smarter and are “getting increasingly effective at utilizing SEO techniques to drive traffic to these bad sites.” Source: http://www.ibtimes.co.uk/articles/20091104/illegal-file-sharing-growth-hasled-spurt-cyber-crimes-mcafee_all.htm 45. November 3, DarkReading – (International) Researchers create hypervisor-based tool for blocking rootkits. Researchers at North Carolina State University and Microsoft Research have come up with a way to combat rootkits by using the machine’s own hardware-based memory protection: the so-called HookSafe tool basically protects the operating system kernel from rootkits. Rootkits are the most difficult of malware to detect and remove: they often evade detection by anti-malware software, and even if they are discovered, they can still be difficult to completely eradicate. A rootkit typically hijacks “hooks” in the operating system — basically the control data in the kernel used to augment or extend the features of an OS — in order to hide out in the OS. This in turn lets the rootkit intercept and manipulate the system’s data, remain invisible to the user and anti-malware tools, and to install other malware - 19 - aimed at stealing data from the system. The researchers have devised a way to move the potentially tens of thousands of hooks in the kernel to a centralized location so they are easier to monitor and more difficult to abuse. Their HookSafe prototype is a hypervisor-based system that is able to protect nearly 6,000 different kernel hooks and has successfully stopped nine different rootkits. HookSafe runs in Ubuntu Linux 8.04 and leverages hardware-based memory protection in the system to stop rootkits from hijacking kernel hooks. The main tradeoff of the tool thus far is a slight performance hit, about a 6 percent slowdown in system performance. Source: http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.j html?articleID=221600127 46. November 3, Infosecurity.com – (International) Symantec uncovers new type of Facebook Trojan. A command and controlserver is used by a botnet - a cluster of malware infected PCs which communicate across the internet - as a means of controlling the botnet swarm. Communications are usually relayed between the infected PCs and the server through the use of internet relay chat channels. The Facebookenabled trojan is called Whitewell and is being spread via email using infected documents (PDF or MS-Office format) that contain exploits for known vulnerabilities. According to a security analyst with the Symantec Security Response operation, the trojan works by contacting the mobile version of Facebook and using its Notes section. In the analyst’s blog, he said that, by analyzing the trojan’s code, Symantec’s researchers have concluded that the malware appears to perform four different actions, depending on the notes’ titles that are found. “The real command and data processing is done through the remote URL that was received from the notes, and this URL may point anywhere”, said the analyst in his blog. “However... one could (also) use a Facebook account as a C&C server and this trojan is able to successfully parse the Facebook HTML data, retrieve the wanted data from it, and also post new data to it.” Infosecurity notes that, while this is not the first time a social networking site has been used to assist in the control of malware and a botnet - a Twitter botnet, for example, was spotted back in August - it is the first time that a trojan infection has been structured to allow Facebook itself to act as a command and control server. Source: http://www.infosecurity-magazine.com/view/4955/symantec-uncovers-newtype-of-facebook-trojan-/ 47. November 3, Computerworld – (National) Put cybersecurity chief in DHS not the White House, Senator says. Five months after the U.S. President announced the need for a White House-appointed coordinator to oversee national cybersecurity affairs, the debate continues in Washington over whether such a coordinator would be more effective if outside the White House. The Ranking Member of the Senate Homeland Security and Governmental Affairs Committee raised the issue most recently. Delivering a speech on cybersecurity issues at George Washington University on November 2, the senator rejected the idea of a White House led cybersecurity effort and insisted the leadership would have to come from the U.S. Department of Homeland Security (DHS). “Effectively managing government cybersecurity is going to require more than a few staff crammed into a cubicle in the depths of the White House,” the - 20 - senator said in her speech. She said that while the National Security Agency and other intelligence agencies have the needed cybersecurity resources, “privacy and civil liberties” issues preclude them from taking leadership. As a result, any effort to secure civilian government and critical infrastructure against cyber threats needs to be led by the DHS, the senator said. Only the DHS has the ability to provide the aggressive oversight and continuous real-time security monitoring and analysis that is needed, she said. Source: http://www.computerworld.com/s/article/9140307/Put_cybersecurity_chief_in_DHS_n ot_the_White_House_Senator_says 48. November 3, The Register – (International) Bug in latest Linux gives untrusted users root access. A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system. The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the Red Hat Enterprise Linux (RHEL) distribution, does not properly implement that protection, a developer at grsecurity who discovered the bug in mid October, told The Register. Many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine. On October 22, the developer wrote a proof of concept attack for the local root exploit. Over the past few months, he has emerged as an outspoken critic of security practices followed by the team responsible for the Linux kernel. In July, the developer published a separate Linux exploit that drew considerable notice because it worked even when fully patched versions were running security enhancements. It targeted a separate null pointer dereference bug that was spawned when the OS was running SELinux, or Security-Enhanced Linux. The developer at the time criticized Linux’s principal developer for failing to take responsibility for the the critical issue, citing online comments. He has also taken the Linux kernel developers to task for failing to fully disclose the extent of security bugs when they are patched. The latest bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. But to make RHEL compatible with a larger body of applications, that distribution is vulnerable to attack even when the OS shows the feature is enabled, he said. “They’re putting their users at risk,” he said. “They’re basically the only distribution that’s still vulnerable to this class of attack.” A Red Hat spokeswoman said patches for the versions 4 and 5 of RHEL and MRG are available here. An update for RHEL 3 is in testing and should be released soon. He said many other Linux users are also vulnerable because they run older versions or are forced to turn off the feature to run certain types of applications. Source: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ - 21 - Internet Alert Dashboard To report cyber infrastructure incidents or to request information, please contact US-CERT at sos@us-cert.gov or visit their Website: http://www.us-cert.gov. Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Website: https://www.it-isac.org/. [Return to top] Communications Sector 49. November 4, The Register – (International) Whitehall plans ‘White Noise’ phone network collapse. The British government will simulate a shutdown of the national phone network next week in an exercise involving hundreds of government and industry players. The exercise - codenamed “White Noise” - is designed to simulate a catastrophic nationwide communications failure, will take place over Wednesday 11 November and Thursday 12 November. It will be the first time the U.K. has conducted such a large scale exercise the head of communications security in the Department for Business told a Lords committee November 4. White Noise will simulate a total national collapse of the traditional Public Switched Telephone Network. There will be no impact on those not involved in the exercise. Such a scenario could be caused by a cyber or physical attack, or a natural disaster. Officials will monitor the government’s ability to respond in a coordinated way, including keeping Parliament and the public informed. Data and mobile communications will remain intact throughout the exercise. Source: http://www.theregister.co.uk/2009/11/04/white_noise/ 50. November 4, Money Times – (National) T-Mobile hit with second outage in two months. In yet another outage, T-Mobile was inaccessible Tuesday, thus leaving nearly its 1.7 million users without access to calls or data on their cell phones. As the service carrier had been working to restore the data for its Sidekick users, it has encountered another glitch. Immediately after the outage, the service carrier posted the statement saying, “T-Mobile customers may be experiencing service disruptions impacting voice and data. Our rapid response teams have been mobilized to restore service as quickly as possible. We will provide updates as more information is available.” The outage lasted for nearly eight hours, and the company apologized for the inconvenience after it restored the services. It updated its statement saying, “T-Mobile confirms it has fully restored voice and text/picture messaging services for customers affected by intermittent service disruptions on Tuesday.” The company further stated that its focus has been to restore full services and it would now be working to investigate what led to the incident. Source: http://www.themoneytimes.com/featured/20091104/t-mobile-hit-secondoutage-two-months-id-1089816.html For another story, see item 25 [Return to top] - 22 - Commercial Facilities Sector Nothing to report [Return to top] National Monuments and Icons Sector 51. November 3, Billings Gazette – (Wyoming) Yellowstone cleans up fuel storage, other sites with polluted soil, water. Contractors have almost finished initial cleanup work at several sites around Yellowstone National Park where leaky underground fuel tanks had contaminated soil and groundwater over the past few decades. Some of the polluted sites are near pristine waters, and while they did not pose an immediate threat to drinking water, it is important that they be cleaned up, said the environmental protection specialist for the park. He is also working with the Wyoming Department of Environmental Quality (DEQ) on the $3.5 million project. Most of the 11 contamination sites are at service stations operated by concessionaires, and most of the leaks occurred or were discovered more than a decade ago, according to a DEQ engineering report. They include gas stations at Grant Village, Bridge Bay Marina, Old Faithful, Lake, Canyon, and Fishing Bridge, as well as a National Park Service maintenance facility at Canyon and a gas station at Pahaska Tepee, just outside the park’s east entrance. The buried fuel tanks are a small part of a mostly invisible infrastructure that runs throughout the developed sections of the nation’s oldest national park, including water and power for many of Yellowstone’s 1,500 buildings, he said. The high-priority site that triggered current cleanup efforts in Yellowstone was a Park Service maintenance shop and fuel depot at Canyon, according to the DEQ engineering supervisor for the Yellowstone cleanup. Cleanup work at that site and at others will include a combination of removing contaminated soil and groundwater, as well as pumping oxygen underground to promote the growth of aerobic bacteria that metabolize hydrocarbons. Source: http://billingsgazette.com/news/state-and-regional/wyoming/article_8ee21be0c907-11de-bb66-001cc4c002e0.html [Return to top] Dams Sector 52. November 4, Associated Press – (Louisiana) New Orleans project aims to head off the next flood. Mindful that the suburban West Bank of New Orleans has regained its pre-Hurricane Katrina population and is primed for growth, the Army Corps of Engineers is launching a $1 billion effort to keep the surge from the next storm at bay. The new flood protection is already having a potentially dangerous consequence, though: It is encouraging more people to move into another bowl-shaped area that experts consider perhaps the city’s most vulnerable flank. Many of those who moved to the area did so under the mistaken impression that it was safer than the East Bank, much of which flooded when levees failed during Katrina. But the fact that the West - 23 - Bank did not flood was mainly chance; engineers say the area’s 250,000 residents are exposed to a surge from a storm coming in at the wrong angle, in part because of navigation and drainage canals in the area. The corps broke ground last week on the West Closure Structure, a floodgate and pump system designed to close off those canals and bolster the area’s levees. So far, the area has been spared catastrophic flooding: Katrina passed to the east in August 2005, but hurricanes Rita and Gustav pushed water levels dangerously high in West Bank canals. Experts say that up to 70 percent of the West Bank could be underwater if a monster storm were to hit it. Local officials see the West Closure Structure as a spur to development; large areas of the West Bank are pasture, woods and wetlands that will be made attractive, particularly since the East Bank is crammed with houses and businesses. Source: http://www.dallasnews.com/sharedcontent/dws/news/texassouthwest/stories/DNbarrier_04tex.ART.State.Edition1.4b5135a.html 53. November 3, Southeast Missourian – (Missouri) River to crest Wednesday below predicted level. The Mississippi River will crest Wednesday in Missouri, three feet below the level predicted immediately after last week’s heavy rains, the National Weather Service predicted Tuesday. The river is projected to reach 39.5 feet on the Cape Girardeau gauge, 7.5 feet above flood stage. Original predictions showed the river cresting at 42.5 feet. Downtown floodgates were closed Friday and the high water has suspended rail traffic through downtown Cape Girardeau. The floodgate on the Burlington-Northern Santa Fe Railroad north of downtown was closed Monday. The river is expected to fall slowly to 36 feet by Sunday morning, barring additional rains. No prediction has been issued on when the river will fall below flood stage, which is 32 feet. Source: http://www.semissourian.com/story/1584115.html 54. November 3, WLWT 5 Cincinnati – (Kentucky; Indiana) Crews inspect broken gate at Markland dam. Crews are inspecting a broken gate of the Markland Dam between Kentucky and Indiana for the first time since it failed on September 27. Crews from the U.S. Army Corps of Engineers added a bulkhead at the main lock of the dam. That allowed them to drain the water from the chamber to get at the gate, which broke off and was sitting at the bottom of the river. Crews were inspecting the broken gate for damage. They were also inspecting the pins that held the gate and its companion gate in place to determine what repairs need to be made. The gate will be lifted from the dam on November 10 and moved onto a barge next to its companion gate. Both gates will then be shipped down the river to a repair facility in Louisville. Engineers are keeping a close eye on the water level in the Ohio River, which is currently at about 24 feet. If the water level rises, it could put pressure on the bulkhead, which could cause it to fail. Engineers said that if the level rises a few feet, they will need to flood the chamber with water and abandon the operation until a later date, though they were optimistic that would not happen. In the meantime, dams upstream are holding back water and the McAlpin Dam in Louisville, Kentucky, downstream from the Markland Dam, is letting more water than usual through in order to keep the water level in the river stable. Engineers said a preliminary report on the cause of the initial failure at the dam was - 24 - expected in the next few days. Source: http://www.wlwt.com/news/21508473/detail.html 55. November 2, Seattle Post Intelligencer – (Washington) Flood concerns prompt Weather Service to target Green River Valley. The National Weather Service will increase its flood forecasting presence in the Green River Valley, Washington, where local officials are preparing for possible severe flooding because a damaged dam cannot hold as much water as it used to. The Weather Service will: Install 14 additional rain gauges; install an Atmospheric River Observatory system in the Green River basin, which will include a wind profiler, water vapor sensor, and a vertically-pointing radar to monitor the rain/snow level; assist the U.S. Army Corps of Engineers and U.S. Geological Survey to install additional river gauges; customize weather and river models with a focus on the Green River basin; and increase the frequency of short term forecasts, watches, warning, and call to action statements tailored to alert local community officials. The weather service will bring in more workers from other regions during a major storm. The County Council last month approved $34.6 million in funding to help prepare for possible severe flooding in the coming weeks in south King County. The Howard Hanson Dam, which regulates the flow of water in the Green River Valley, was damaged during January flooding. As a result, the U.S. Army Corps of Engineers says it cannot use the structure, built in 1962, to its full floodstorage capacity. In the worst-case scenario, property damage alone could be $3 billion while a shutdown of economic activity could cost the region $46 million a day, authorities say. Authorities also say up to 30,000 people could be displaced. Source: http://www.seattlepi.com/local/411766_flood02.html [Return to top] - 25 - DHS Daily Open Source Infrastructure Report Contact Information About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Website: http://www.dhs.gov/iaipdailyreport Contact Information Content and Suggestions: Send mail to NICCReports@dhs.gov or contact the DHS Daily Report Team at (202) 312-3421 Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes. Removal from Distribution List: Send mail to support@govdelivery.com. Contact DHS To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201. To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov. Department of Homeland Security Disclaimer The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material. - 26 -