Current Nationwide
Threat Level
ELEVATED
Significant Risk of Terrorist Attacks
For information, click here: http://www.dhs.gov


The New York Times reports that on October 20 federal agents have seized six computers, two cameras, two cellphones, and hundreds of files from a Los Alamos, New Mexico,
physicist who is suspected of international espionage with Venezuela. (See item 10 )
According to KIRO 7 Seattle, if the Green River floods during the upcoming rainy season,
800,000 King County residents could be without sewage service for months. (See item
20 )
Fast Jump Menu
• Energy • Banking and Finance
• Chemical • Transportation
• Dams Sector • Commercial Facilities
• Water Sector • Emergency Services
Current Electricity Sector Threat Alert Levels: Physical: ELEVATED,
Cyber: ELEVATED
Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES-ISAC) -
[http://www.esisac.com
]
1.
October 22, Associated Press – (Utah) Fire breaks out at Salt Lake City refinery, but no injuries reported. Several trailers and equipment were damaged in a fire that lit up the skies at a Tesoro Corp. refinery in Salt Lake City. A city fire spokesman says parts of the refinery were evacuated while emergency crews joined refinery firefighters battling the blaze just after 9 p.m. on October 21. No injuries were reported. He says a pool of crude oil caught fire and spread to a 200-yard radius. It was not immediately clear what sparked the fire. The fire disrupted highway traffic and rail service in the
- 1 -

area. Tesoro says the refinery produces gasoline, diesel fuel and jet fuel.
Source: http://www.latimes.com/news/nationworld/nation/wire/sns-ap-us-refinery-fireutah,0,7802665.story
2.
October 22, Bloomberg – (International) Timor Sea oil spill may have reached
63,000 barrels, greens say. An oil spill from a leaking well off Western Australia may have polluted the Timor Sea with 10 million liters, about 63,000 barrels, of oil, making it among the three worst in the country’s history, the Greens said on October 22. The
Montara well may be spilling as much as 3,000 barrels of oil a day, a Greens senator said in a statement, citing information sourced by the party. That is up to 10 times higher than the estimate from field operator PTT Exploration & Production Pcl
(PTTEP), which puts the flow at about 300 to 400 barrels a day, a spokesman said by phone on October 22. Bangkok-based PTTEP is due to make a fourth attempt on
October 23 to intercept the leak, 2,600 meters (1.6 miles) below the seabed, in an effort to plug it. Oil, gas and condensate began seeping into the Timor Sea from the well on
August 21. The opposition Liberal Party has called on the government to intervene in the operation should the next bid fail. Australia’s department of resources, energy and tourism has calculated the well is leaking oil at a rate of 2,000 barrels a day, based on data from Geoscience Australia, the Greens said. The estimate was made by department officials at a Senate hearing in Canberra yesterday, the senator said. By October 20,
457,000 liters of oil product, including 277,000 liters of oil, had been removed from the ocean, the marine safety authority said. Aerial surveillance shows oil about 201 kilometers from the Western Australian coast and 257 kilometers off Indonesia, it said.
The oil currently poses no threat to environmentally sensitive reef areas, the authority said October 21. PTTEP has drilled a relief shaft at the Montara field to intercept the leaking well and plug it, and intends to halt the flow by injecting heavy mud.
Source: http://www.bloomberg.com/apps/news?pid=20601081&sid=aWGuIAo7gecc
3.
October 21, U.S. Department of Justice – (Texas) Ship operator pleads guilty for concealing pollution from oil tanker. A Panamanian company that operated a 40,000ton oil tanker ship that regularly made calls in multiple ports in Texas pleaded guilty today in federal court in Houston for deliberately concealing pollution discharges from the ship directly into the sea. The operator of the M/T Georgios M, pleaded guilty to three felony violations of the Act to Prevent Pollution from Ships for failing to properly maintain an oil record book as required by federal and international law. According to a plea agreement filed with U.S. District Court for the Southern District of Texas, the company has agreed to pay a $1 million criminal fine along with a $250,000 community service payment to the congressionally-established National Marine
Sanctuary Foundation. The money will be designated for use in the Flower Garden and
Stetson Banks National Marine Sanctuary, headquartered in Galveston, Texas, to support the protection and preservation of natural and cultural resources located in and adjacent to the sanctuary. According to the joint factual statement, from December
2006 until February 2009, senior engineering officers and crew members installed a bypass pipe known as a “magic pipe” in order to avoid the pollution control equipment on-board the ship. The senior engineers then directed junior engineers to connect the so-called “magic pipe” and deliberately discharge sludge and oily waste directly into
- 2 -

the ocean. The senior engineers also made false entries in the oil record book to conceal the fact that the pollution control equipment had not been used. The crewmembers then attempted to conceal the discharges on February 19, 2009 during a Coast Guard boarding at the port in Texas City, by providing the falsified oil record book to the boarding crew.
Source: http://www.usdoj.gov/opa/pr/2009/October/09-enrd-1133.html
[
Return to top
]
4.
October 21, KIRO 7 Seattle – (Washington) Gas main break in south Seattle. Gas was spewing from a gas line break in South Seattle early evening on October 21. Puget
Sound Energy (PSE) said they were called to Martin Luther King Way and South
Alaska Street at about 3:50 p.m. after a construction crew caused the four-inch gas line break. A nearby Boys and Girls Club was evacuated for a short time, but they were allowed back inside the building. Sound Transit said the break caused minor delays to the Sounder train. Traffic was being diverted in the area. A member of the Seattle Fire
Department said they may have to excavate to get to the line.
Source: http://www.kirotv.com/news/21382757/detail.html
5.
October 22, Birmingham News – (Alabama) Clean up at chemical disposal plant in
Anniston underway after small fire inside facility. Work has begun to clean up a room at the chemical weapons disposal plant in Anniston after a small flame was found
Wednesday during the processing of a mortar filled with a mustard agent, officials with that facility said. Part of the gallon of mustard agent from a 4.2-inch mortar spilled onto the floor inside an explosion containment room during the 2 p.m. Wednesday incident, but there were no injuries or damage to the facility, the Anniston Chemical Agent
Disposal Facility reported. Robotic equipment was being used in the specially designed room, with concrete walls 2-feet thick, to remove the mortar fuse and burster, according to a press release from the facility. A flame that lasted 10 to 15 seconds was detected where the equipment grips the fuse and burster to rotate and remove them.
There was no explosion and there was no damage to the remote-controlled robotic equipment, according to the statement. No one was injured and no one was in the immediate vicinity of the operation.The room is designed to keep the chemical agents from escaping to other areas of the facility or to the outside. Maintenance teams are working in protective suits to put the mortar in a sealed container and decontaminate the room, a facility spokesman said this morning. Immediately after the fire was detected, the Alabama Department of Environmental Management was notified and operations were temporarily suspended, the spokesman said. Operations later resumed in other areas of the plant, including in another containment room that’s a “twin” to the one where the incident took place, he said.
Source: http://blog.al.com/spotnews/2009/10/post_136.html
6.
October 21, KGO 7 San Francisco – (California) Overnight explosion investigated in
Berkeley. Berkeley Police are investigating an overnight explosion that brought out
- 3 -

hazardous material crews and an order for some neighborhood residents to stay indoors.
It happened around 10 p.m. Tuesday night near Blake Street and Chilton Way. Police blocked off the area, located a block away from busy Telegraph Avenue. Investigators believe the explosion involved some kind of chemical. They say the blast left behind a white streak of powder on the street, which should not pose any harm. There were no reports of damage or injuries.
Source: http://abclocal.go.com/kgo/story?section=news/local/east_bay&id=7075362
[
Return to top
]
[
Return to top
]
7.
October 21, San Luis Obispo Tribune – (California) Seismic safety focus of Diablo meeting. Nuclear Regulatory Commission officials Tuesday held what could prove to be the first in a long series of meetings concerning renewing Diablo Canyon nuclear power plant’s two operating licenses. Speakers addressed the gamut of familiar Diablo
Canyon controversies including earthquake safety, spent fuel storage, biological effects of the cooling system and vulnerability of the plant to terrorist attack. The agency is updating its license renewal rules and held the meeting in Pismo Beach to gather public input. About two dozen people attended. Pacific Gas and Electric Co. officials say the utility has not decided whether it will apply for license renewal. However, it is standard industry practice to apply for renewal, and the state Public Utilities Commission has given the utility a deadline of June 2011 to make its decision.
Source: http://www.sanluisobispo.com/news/local/story/893002.html
[
Return to top
]
8.
October 22, Associated Press – (International) Indonesian soldier wounded in attack at Freeport. Police say a gunman fired on an Indonesian military truck near a U.S.owned gold mine in eastern Papua province, wounding a soldier. The chief of Papua police said October 22 the truck was carrying food and supplies to troops deployed near the world’s largest gold mine, operated by Freeport-McMoRan Copper & Gold Inc of
Phoenix, Arizona. A string of attacks near the Grasberg mine since mid-July has left three dead and injured more than 20. The mine is a source of tension in the remote, impoverished region. Police were searching for the latest attackers, who fled into the jungle Wednesday after shooting the soldier in the leg. His condition was unclear. The shooting came a day after two mine workers were injured by gunfire nearby.
Source: http://www.oregonlive.com/newsflash/index.ssf?/base/international-
17/1256205317294890.xml&storylist=international
- 4 -

9.
October 21, Defense News – (National) After delays, LCS 2 completes builder’s trials. The Navy’s second littoral combat ship, the Independence, finished its builder’s trials Wednesday, more than three months after first sailing from its Mobile, Alabama, shipyard for its tests at sea. The aluminum trimaran hit a top speed of 45 knots and kept a sustained speed of 44 knots during its full power run in the Gulf of Mexico, shipbuilder General Dynamics said in an announcement. It kept a high speed and stability despite eight-foot waves and 25-knot winds. Now that the Independence has finished its builder’s trials, Navy inspectors will come aboard later this year for acceptance trials before the ship is finally delivered. The Navy’s program executive officer for ships has said the latest schedule calls for the Independence to be delivered before the end of 2009 and be commissioned sometime early next year. He said that engineers had to stop and start Independence’s builder’s trials since July to address early problems with the ship and to finish construction in some areas. The ship’s jet drive room flooded, and it had vibration and temperature problems with its propulsion systems. Each LCS was initially pitched to Congress for a cost of about $220 million, but according to the Navy’s latest budget figures, the Freedom has cost $637 million and the Independence has cost $704 million. The Navy has awarded contracts for a second Freedom-class ship — the Fort Worth — and a second Independence — the
Coronado — but has not disclosed the value of the contracts. Navy officials claim the ongoing competition between GD and Lockheed mean they can not release the ships’ costs, although the program executive officer said he hopes the Navy will reveal those costs soon.
Source: http://www.defensenews.com/story.php?i=4336381&c=AME&s=TOP
[
Return to top
]
10.
October 20, New York Times – (International) Property of nuclear critic is seized by federal agents. Federal agents have seized six computers, two cameras, two cellphones, and hundreds of files from a Los Alamos, New Mexico, physicist who for two decades has criticized the government’s nuclear agenda as misguided. A Federal
Bureau of Investigation spokesman in Albuquerque said that the action on Monday was part of “an ongoing federal investigation” and that he could provide no details. The physicist said he was told that the seizures were part of a criminal investigation into possible nuclear espionage. He also declared his innocence. “If I were a real spy,” he said Tuesday, “I would have left the country a long time ago.” The physicist was laid off from the Los Alamos National Laboratory in 1988 and has ever since championed an innovative type of laser fusion, which seeks to harness the energy that powers the sun, the stars and hydrogen bombs.
Source: http://www.nytimes.com/2009/10/21/us/21alamos.html?_r=2&adxnnl=1&adxnnlx=125
6141164-u4vN42KUpbireo8ML10fsQ
11.
October 22, IDG News Service – (International) Fraudsters trying to capture bank cards at machines. European financial institutions are seeing a sharp rise in card
- 5 -

“trapping,” where criminals use various tricks in order to capture and retrieve a person’s ATM card for fraudulent use. For the first half of this year, financial institutions reported 1,045 trapping incidents, according to a new report from the
European ATM Security Team (EAST), a nonprofit group composed of financial institutions and law enforcement. The figure, which covers 20 countries within the
Single Euro Payments Area (SEPA), represents a 640 percent increase over the first half of 2008. “For the first time, we’ve seen a significant spike in the number of cardtrapping incidents,” said EAST’s coordinator. “It’s a new trend.” Criminals may be turning to trapping as an alternative way to get around the main security feature for payment cards issued in Europe: the microchip. European banks now use chip-and-PIN
(personal identification number) cards, also known as EMV cards. During face-to-face transactions, customers must enter a PIN into point-of-sale devices, which authenticates the transactions. ATMs verify the presence of a chip to prevent the use of cloned cards without a microchip.
Source: http://www.pcworld.com/businesscenter/article/174116/fraudsters_trying_to_capture_b ank_cards_at_machines.html
12.
October 21, Newscow – (National) Local bank warning of debit-card phone scam. On October 19 Union State Bank notified authorities of a debit-card telephone scam after a number of the banks customers reported receiving a pre-recorded phone call. No specific bank, or other financial institution, is identified in the automated call but the recording indicates that the customer’s Visa debit car has been deactivated due to suspicious activity. The customer is asked to enter a card number, expiration date and security code into the phone. “This is definitely a scam,” stated the USB President.
“We would never solicit such information from our customers.” He said the bank is concerned that since no financial institution is named in the call, anyone could be targeted, not just Union State Bank customers.
Source: http://www.newscow.net/story.php?StoryID=3327
[
Return to top
]
13.
October 21, Associated Press – (New York) NY businessman gets 20 years for Ponzi scheme. A New York businessman has been sentenced to 20 years in prison for running a Ponzi scheme that took in more than $31 million. The 83 year-old man was sentenced on October 21 in U.S. District Court in Buffalo to 20 years for mail fraud and five years for tax evasion, with the terms to be served concurrently.
Source: http://www.seattlepi.com/national/1110ap_ny_ponzi_scheme_catholics.html
14.
October 22, CNN – (Georgia) Feds look at instruments, approach lights in taxiway landing. Federal investigators trying to determine why a Delta Air Lines jet landed on a taxiway instead of the runway in Atlanta on Monday morning say the runway was illuminated, but that approach lights and a ground-based instrument that helps pilots line up with the runway were off. The pilots of the plane that landed at the Atlanta
- 6 -

airport have been relieved from flying duties pending probes. The departure taxiway, which can be filled with aircraft during peak hours, was empty at the time, and the plane landed safely, officials said. No one was injured, and there was no damage to the taxiway. The Boeing 767 aircraft had 182 passengers and a crew of 11. The FAA, the
National Transportation Safety Board and Delta Air Lines are investigating. The pilots of the aircraft were placed on nonflight status, Delta said. The NTSB on Wednesday confirmed that a “check pilot” on the flight was sick, and the crew had declared a medical emergency. It was not clear what, if any, role that played in the mishap.
Sources familiar with the incident say that Flight 60 originally was scheduled to land on Runway 27L (left), the active runway at that time, but was “sidestepped” to Runway
27R (right). Pilots commonly ask to be “sidestepped” to Runway 27R — and air traffic controllers commonly offer 27R — because it is closer to the terminal and pilots can shave minutes from a trip. The runway was marked with yellow lights, while the taxiway was marked with blue lights, one person familiar with the incident said. The
NTSB said the runway lights on 27R were illuminated, but a “localizer” and approach lights for the runway were off.
Source: http://edition.cnn.com/2009/US/10/21/taxiway.landing/
15.
October 22, Associated Press – (Colorado) Plane towed after landing at Denver airport. Aviation officials say a United Airlines flight declared an emergency shortly before landing in Denver with total hydraulic failure. Flight 418 from San Diego had to be towed to a gate to allow passengers to deplane. A Denver International Airport spokesman says the plane landed normally and that no injuries were reported. He says firefighters were waiting along the runway, which is standard procedure when an
“Amber Alert” is declared after a pilot reports that there may be a problem with the landing.
Source: http://www.dailymail.com/ap/ApTopStories/200910220545
16.
October 21, KCBS 106.9 San Francisco – (California) New safety signs for Bay
Bridge curve. Transportation officials plan to install more signs warning drivers to slow down on a new section of the San Francisco-Oakland Bay Bridge that has seen more than 20 crashes since it opened. The decision follows a big rig accident
Wednesday that shut four of five lanes on the upper deck of the recently opened Scurve for hours during the evening commute. Authorities say the truck was going too fast for the curve, where the speed limit drops from 50 to 40 miles per hour. The
California Department of Transportation plans to add signs to the section that alert drivers to their speed and another large, yellow sign with the speed limit and a curved arrow. The S-curve is part of the project to replace the bridge’s seismically unsafe eastern span with a new bridge.
Source: http://www.kcbs.com/New-Safety-Signs-for-Bay-Bridge-Curve/5490064
17.
October 21, Charlotte Observer – (North Carolina) Suspicious airport package blown up. The Charlotte-Mecklenburg Bomb Squad blew up a suspicious package that had triggered an alert late Wednesday outside Charlotte/Douglas International Airport. The package was a backpack, according to police, and it was spotted sometime before 11 a.m. in the daily parking lot, not far from the control tower. Police say one person was
- 7 -

detained for questioning, but the connection between that person and the backpack is not clear. It also is not clear why the backpack triggered the alert. Authorities say flight schedules were not changed, and airport operations were not affected. The bomb squad and Hazmat team were called to the scene, and the backpack was blown up around noon. Authorities told WCNC-TV, the Observer’s news partner, that they found no signs of explosives or chemicals in the backpack.
Source: http://www.charlotteobserver.com/breaking/story/1012220.html
[
Return to top
]
For more stories, see items 1 and
4
18.
October 22, Norwich Bulletin – (Connecticut) 2 sickened after opening suspicious letter at Coast Guard Academy. A portion of a Coast Guard Academy medical clinic was briefly closed and a hazardous materials unit called in on October 21 when two
Coast Guard medical staff members became ill after opening a suspicious letter, an academy spokesman said. At 1 p.m. the two staff members were in an office at the medical clinic when they opened a letter and became light-headed and experienced shortness of breath, said a Coast Guard spokesman. The two were treated at the clinic and later released without any persisting symptoms. No hazardous substances were detected in later tests of the letter. Police did not reveal the contents of the letter. As a precautionary measure, the office where the letter was opened and a portion of the clinic were evacuated and the letter isolated, the spokesman said.
Source: http://www.norwichbulletin.com/news/x826022928/2-sickened-after-openingsuspicious-letter-at-Coast-Guard-Academy
19.
October 22, Advertiser – (Louisiana) Police examine strange parcels. A suspicious package found at a local Navy recruiting office in Lafayette is being investigated by authorities. It was the second time in as many days that such a package has been delivered to a local military office. Neither of the packages contained dangerous materials, but police closed off the scenes as a precaution. The Lafayette Police
Department, Lafayette Fire Department and Louisiana State Police personnel were called to the U.S. Navy Recruiting Office on Congress Street after a suspicious envelope was reported there Wednesday afternoon. On Tuesday night, personnel at the
U.S. Marine Reserve Center on Surrey Street also discovered a suspicious package that led to them to call authorities. Wednesday’s delivery and Tuesday’s envelope contained quotations from the Bible, according to investigators at the scene. “We’re not necessarily sure whether they both arrived the same day, and that the one at the Navy offices was discovered today but was delivered yesterday,” said a Lafayette police spokesman. “Neither was dangerous, just suspicious in nature, and both entities took precautions.” The Police Department was the first investigative unit involved in
Wednesday’s case on Congress Street. “Obviously, both packages are connected and could have been sent by the same person,” he said. “The incidents are being looked into by agencies affiliated with the military that deal with these type of things.”
- 8 -

Source: http://www.theadvertiser.com/article/20091022/NEWS01/910220305/1002/NEWS01/P olice-examine-strange-parcels
[
Return to top
]
[
Return to top
]
Nothing to report
20.
October 22, KIRO 7 Seattle – (Washington) Green River flooding could leave 800K without sewage for months. Officials said if the Green River floods during the upcoming rainy season, 800,000 King County residents could be without sewage service for months. On Thursday, workers will start installing flood walls designed to safeguard the south sewage treatment plant in Renton. Protecting it from possible winter floods will cost $7.5 million. The county is also installing backup generators and making plans to bring in workers and supplies by boat if needed. In the event of a flood the plant’s ability to treat millions of gallons of wastewater a day could be impacted.
“Toilets, showers, garbage disposals, laundry, anything that goes down an interior drain in a house, (could be affected),” said the assistant King County executive.
Source: http://www.kirotv.com/news/21391613/detail.html
21.
October 21, Indiana University News Room – (Indiana) Designer molecule detects tiny amounts of cyanide, then glows. A small molecule designed to detect cyanide in water samples works quickly, is easy to use, and glows under ultraviolet or “black” light. Although the fluorescent molecule is not yet ready for market, its Indiana
University Bloomington (IU) creators report in the Journal of the American Chemical
Society (now online) that the tool is already able to sense cyanide below the toxicity threshold established by the World Health Organization. “This is the first system that works in water at normal pH levels and can be modified at will to enhance its reactivity,” said the IU Bloomington chemist who led the research. “We are now looking at how to make the detector more sensitive.” One of the reasons the detector is not ready for market, he says, is that its optical properties need to be improved to emit light at longer wavelengths with less interference from background signals, especially those of biological origin. Since pond or river water is likely to contain living organisms and other organic matter, but the detector system must be perfected. In 2003 the World Health Organization reported that cyanide contamination of drinking water is a major problem in developing countries — and in some developed countries, too.
While cyanide contamination occasionally results in outbreaks of acute illness, in most cases, cyanide contamination levels are low enough that the health effects incurred in humans are less pronounced. In these cases, cyanide poisoning may simply present as anemia, goiter, or as a mysterious inability to maintain healthy vitamin B12 levels. The
- 9 -

researcher says he hopes to develop the detector system so that it can be used to protect people from inadvertently poisoning themselves with cyanide-laced drinking water.
Source: http://newsinfo.iu.edu/news/page/normal/12286.html
[
Return to top
]
22.
October 21, KPCC 89.3 Pasadena – (California) 4 water mains break in Mulholland
Dr. area, South Los Angeles. Three water mains broke in the early hours of the morning Tuesday and a fourth broke late in the evening causing flooding, mud flows, street closures and sinkholes. This comes on the heels of two breaks on Monday and four over the weekend. According to a captain of the Los Angeles Fire Department, the flow of mud and water also caused flooding on Donington Place and a private property on North Deep Canyon Drive. A few minutes later in South Los Angeles, two more mains burst. A rupture at Wall and East 83rd Street created a sinkhole. Flooding from the other break at South Van Ness and Florence avenues caused street closures. Around
10:15 p.m., another main broke near Mulholland on the small street of Packwood Trail.
Customers in the areas of the early morning ruptures all had service restored by 4 p.m.
Tuesday. On Monday, October 19, two mains ruptured within 20 minutes of each other in the Porter Ranch area and nearby Granada Hills. Last weekend saw a break at the
1900 block of W Court St. on Saturday and three breaks on Friday.
Source: http://www.scpr.org/news/2009/10/21/4-water-mains-break-mulholland-drarea-south-los-a/
23.
October 21, Riverside Press-Enterprise – (California) Perris hospital at risk of losing federal funding. Federal officials for at least a second time have warned administrators at a Perris Hospital that the facility is at risk of losing its Medicare and Medicaid funding, which is its major income source. The Centers for Medicare and Medicaid
Services, the agency that regulates health care facilities, told administrators at Vista
Hospital of Riverside that the facility could its certification by January 8, according to a letter sent to the hospital. Agency officials told hospital administrators that they could avoid Medicare and Medicaid termination if by October 18 they submitted evidence that they had corrected problems identified during a May 28 inspection. A Medicare &
Medicaid spokeswoman on Wednesday said the deadline for the hospital’s response to her agency’s letter had been extended, but she did not elaborate. Vista Hospital remains licensed, according to records from the California Department of Public Health, which regulates health care facilities statewide. State hospital regulators started an investigation at Vista Hospital in June 2008 because of a patient’s death. Violations they found included doctors’ delayed response or unresponsiveness to life-threatening emergencies, inadequate infection control and failure to dispense and track medicines, according to a state investigation report.
Source: http://www.pe.com/localnews/inland/stories/PE_News_Local_S_inspection22.467eeac.
html
- 10 -

24.
October 21, Pittsburgh Post-Gazette – (Pennsylvania) Police respond to shooting at
Suburban General Hospital. Police are searching for a man who they said robbed and possibly pistol-whipped a doctor and a receptionist at Suburban General Hospital’s professional building in Bellevue, Pennsylvania Wednesday night. Officers with police dogs were searching near the building at North Jackson and Lincoln avenues.
Bellevue’s police chief said the man they are looking for is likely a patient of the doctor’s who confronted him in a basement office just after 6 p.m. A “struggle ensued” and three shots were fired, though no one was struck, he said. It is unclear whether the man hit the pair with the butt of the pistol he was carrying, the chief said. The man then fled. Police from several agencies, including the city and Allegheny County, responded to the scene.
Source: http://www.post-gazette.com/pg/09294/1007396-100.stm
[
Return to top
]
For another story, see item 30
25.
October 22, Associated Press – (Montana) 50 nuclear missiles deactivated at
Malmstrom. Malmstrom Air Force Base officials say they have completed deactivation of 50 missile launch facilities for the 564th Missile Squadron after two years of work. A maintenance group put in more than 29,000 hours to remove all the major equipment and components from the silos, as well as the five missile-alert facilities that controlled them. “Our folks really stayed positive and upbeat throughout the whole deactivation program,” said a Master Sergeant who is the noncommissioned officer in charge of the missile maintenance team section. “It’s that great attitude that kept things on track. When you are breaking loose and removing hardware that had been in place since 1967, it takes willpower and drive. I am very proud of the people that made it happen.” Top military officials determined in early 2006 that it was no longer strategically necessary to keep 500 intercontinental ballistic missiles (ICBM) on alert nationwide. The Air Force chose to deactivate the 564th, northwest of Great Falls between Shelby and Dutton, because it had a different internal communications system than used in the nation’s nine other ICBM squadrons.
Source: http://www.airforcetimes.com/news/2009/10/ap_airforce_malmstrom_nuclear_deactiva ted_102109w/
26.
October 22, Ledger-Enquirer – (Georgia) JAG office arsonist sentenced to 7 years in prison. A federal judge has sentenced a female defendant, the former Fort Benning civilian employee who pleaded guilty in July of burning down the post’s historic Judge
Advocate General (JAG) building, to 7 years in prison. She was also ordered to pay
$7.5 million in restitution. The U.S. District Judge for the Middle District of Georgia, made his decision on 20 October following about 90 minutes of testimony and discussion. The defendant, 31, who had worked at JAG before being dismissed during
- 11 -

an investigation into another matter, faced five to 20 years in prison.
Source: http://www.ledger-enquirer.com/news/story/881531.html
27.
October 22, Associated Press – (New Jersey) Airport guard accused of Obama threat due in court. A security guard at Newark Liberty International Airport charged with threatening the President is due in court. The suspect is expected to hear a judge in
Newark review the charges via a video link on October 22. The suspect was arrested on
October 20, several hours after a Continental Airlines employee reported overhearing him make threatening comments at an airport coffee cart. The President arrived at the airport on October 21 to campaign for the New Jersey governor. The 55-year-old is charged with making terrorist threats against the president and is held on $100,000 bail.
The defendant works for a private security company that has a contract at the airport.
Its employees’ screen the credentials of other airport workers.
Source: http://www.google.com/hostednews/ap/article/ALeqM5jN_1cMtpnhAb7DVK_y9M3w
0dsuNQD9BG6U2O0
[
Return to top
]
28.
October 21, Knoxville News Sentinel – (Tennessee) Roane State data device with student, worker info missing. A data storage device containing the names and Social
Security numbers of more than 10,000 people has been missing since October 12 when it was stolen from a Roane State Community College employee’s car while it was parked off-campus in Knox County, college officials announced today. The college has issued an “ID alert” on its Web site, sent letters to anyone who may be affected by the theft and has notified major consumer reporting agencies. The device was used for work-related purposes. “Immediately after the theft, we did not want to release information that would interfere with the investigation,” said Roane State vice president. “Once it became clear an arrest, or the recovery of the device, was not imminent, we informed those affected as quickly as possible.” The device contained the names and Social Security numbers of 10,941 people, including 1,194 current or former employees and 9,747 current or former students. The device also contained the Social
Security numbers only, but no names, for 5,036 current or former students. No academic records were on the device. The community college has posted more information here, www.roanestate.edu/idalert.
The college has also set up a hot line to handle questions from those affected by the theft. The number is 865-882-4688 or tollfree 1-866-462-7722, extension 4688.
Source: http://www.knoxnews.com/news/2009/oct/21/roane-state-data-device-studentworker-info/
29.
October 21, Firehouse.com
– (Nebraska) Cheating discovered in Neb. firefighter test. The city of Papillion, Nebraska, must start all over with selecting its new crop of firefighters after an investigation revealed that recruits were given test answers ahead of time. Two current firefighters are accused of giving out the answers. The setback
- 12 -

puts the Papillion Fire Department about three months behind in its hiring process. It will also cost the city tens of thousands of dollars and inconvenienced 166 applicants.
City officials got suspicious when some applicants scored unusually high on a written portion of the test. Papillion police investigated and learned two fire department employees had given out the questions and answers. The employees have remained unnamed. The city has yet to decide how they will be disciplined.
Source: http://cms.firehouse.com/web/online/News/Cheating-Discovered-in-Neb-
Firefighter-Test/46$66252
[
Return to top
]
30.
October 21, Federal Computer Week – (Indiana) Wireless medical records system comes to Indianapolis. Health specialists in Indianapolis have established the nation’s first ambulance-based information system that allows paramedics and emergency medical personnel immediate access to the statewide electronic health records (EHRs) of patients. The Regenstrief Institute and Wishard Health Services set up the system earlier this year with grants from the Health and Human Services and Homeland
Security departments. The goal is to help the medics provide more effective emergency care to patients by having real-time access to a digital record of the patients’ preexisting medical conditions, previous treatments, allergies, current medications and other information. Currently, some ambulances have computer applications on board that can identity whether a patient has been transported before, and the reasons for the transport, and some medical facts about the patient. The Regenstrief system is automatically making available a much broader amount of the patients’ medical information in real time to ambulance systems in Indianapolis and its suburbs. About eight of the 20 ambulance systems in the city and its suburbs have signed up thus far, and the largest system has been using the data in the field since June. Eventually, as more systems join in, the system could be providing data to 1,500 authorized personnel.
Source: http://fcw.com/articles/2009/10/21/indianapolis-ambulances-accessingwireless-ehr-system.aspx
31.
October 22, CNET – (International) Windows 7 default user account control worries experts. Corporate IT departments should be pleased with new security measures in
Windows 7, but consumers are still at risk of getting hit by malware despite changes in the User Account Control (UAC) feature designed to help people be smarter when using applications, security experts say. Probably the most talked about security change in Windows 7, scheduled for public release on Thursday, are modifications to the UAC, which was introduced in Vista. The UAC was designed to prevent unauthorized execution of code by displaying a pop-up warning every time a change was being made to the system, whether by the operating system or a third-party application. Vista users complained that they were bombarded with the warnings and security experts speculated that as a result, many people were just ignoring them or turning them off.
With Windows 7, users can choose how often they want to be notified and the default is set to notify only when a third-party application is making a change, as well as when a
- 13 -

change is being made to the UAC itself. However, an attacker could use code injection and exploit several components in Windows 7 that auto-elevate to bypass UAC and get full access to the machine, experts have warned. A Sophos white paper from September says: “Another issue with these default (UAC) settings is that malware could bypass the system by injecting itself into a trusted application and running from there. Indeed, some malware has been observed spoofing UAC-style prompts to obtain user permission to operate unimpeded.”
Source: http://news.cnet.com/8301-27080_3-10380749-245.html
32.
October 22, The Register – (International) FBI and SOCA plot cybercrime smackdown. The FBI and the UK’s Serious and Organised Crime Agency have drawn up a program for dismantling and disrupting cybercrime operations. The effort relies on a better understanding of the business models of carders, malware authors and hacker groups which have increasingly come to resemble those of legitimate businesses. The three prong strategy aims to target botnet and malware creators, so-called bullet-proof hosting providers that offer hosting services to cybercrooks, and digital currency exchanges. Digital currency exchanges such as WebMoney and Liberty Reserve are central to the operation of the black economy, according to the head of intelligence at
SOCA’s e-crime department. During a keynote presentation at the RSA Europe
Conference, the head of intelligence and a FBI special agent used the Russian Business
Network (RBN) cybercrime network as an example of the type of criminal enterprise they were targeting. The now disbanded group used an IP network allocated by RIPE, a
European body that allocates IP resources, to host scam sites, malware and child porn.
The well attended presentation also included a comprehensive taxonomy of botnet types. Network of compromised PCs can be used for multiple purposes include proxies that supply anonymity (based on machines infected by malware strains such as Xsox), credential stealing (the notorious banking Trojan ZeuS and Torpig being the chief irritants in this category), web hosting (ASProx), spam distribution (Srizbi, Storm worm) and malware dropping botnets. Another vital component of the cybercrime economy is carder forums, described by Mularski as e-crime “supermarkets” for exploits, tools and stolen data that have adopted a mafia-style organisational structure.
These forums have splintered after law enforcement efforts that led to the demise of forums such as Shadowcrew and Carderplanet in 2004.
Source: http://www.theregister.co.uk/2009/10/22/soca_fbi_cybercrime_strategy/
33.
October 22, The Register – (International) Raytheon unveils Linux ‘Insider Threat’ rooter-out routers. US armstech mammoth Raytheon has announced that its
“government insider threat management solution” for information security will be powered by Linux. Penguin-inside crypto modules to be used in Raytheon’s molebuster tech have now passed tough federal security validation, apparently. The insiderthreat detector gear in question is Raytheon’s SureViewâ„¢, designed to root out the whole spectrum of security no-nos from “accidental data leaks” through “wellintentioned but inappropriate policy violations” to “deliberate theft of data”.
SureViewâ„¢ monitors every network sparrow that falls, looking automatically for
“Leading Indicator” actions, “such as a screen capture that has been encrypted and saved to a USB drive”, for instance. Having detected such a misdeed, the tech flags it
- 14 -

up for human security operators to replay and examine, in order to decide “was it accidental, reckless behavior or truly malicious behavior?” As part of all this, the
SureViewâ„¢ network-watching net needs to be secure itself. Most of it has already passed Federal Information Processing Standard (FIPS) 140-2 level 1, says Raytheon.
Now, with the final Linux crypto module also FIPS compliant, SureViewâ„¢ is ready to start sniffing out traitors, whistleblowers, leakers and/or incompetent users across the federal government.
Source: http://www.theregister.co.uk/2009/10/22/insider_threat_linux_powered/
34.
October 21, SCMagazine – (International) Oracle fixes 38 flaws, four earn highest severity rating. Oracle on October 20 delivered patches to correct 38 vulnerabilities across its line of products, including four that received the highest severity rating possible. On its popular Database Server product, Oracle’s quarterly security update corrected 16 flaws, six of which could be remotely exploited without authentication.
Three of the database bugs received a rare 10 out of 10 rating under the Common
Vulnerability Scoring System (CVSS), used to determine the flaw’s severity. In the case of those three vulnerabilities, a successful exploit could result “in a full compromise of the targeted system, down to the [Windows] operating system,” said the manager of security in Oracle’s global technology business unit, on a company blog.
On other platforms, however, the flaws garnered less serious ratings because an attack would not lead to a compromise at the operating system layer. The October 20 update also included patches for Application Server, E-Business Suite, PeopleSoft Enterprise,
JD Edwards Tools, WebLogic/JRockit and Communications Order and Service
Management. Half of the 38 total fixes could be remotely exploited without authentication.
Source: http://www.scmagazineus.com/Oracle-fixes-38-flaws-four-earn-highestseverity-rating/article/155862/
35.
October 21, CNET – (International) Microsoft fixing Bing bug that aided spammers. Microsoft on October 21 said it is fixing a bug in Bing that allowed spammers to bypass spam filters and distribute malicious links. Researchers at Webroot
Software discovered a spam campaign earlier this week that used the search engine’s own redirection mechanism and a link-shrinking technique to send people to spam Web pages, according to a post on the Webroot threat blog. The problem is with how Bing formats links in RSS feeds. The redirect from Bing to the spam site is not obfuscated, allowing scammers to append anything to the end of the Bing redirect URL and thus trick spam filters, said a threat researcher at Webroot. In the specific case, Webroot examined an RSS feed in Bing with a link that bounced through MySpace’s link shrinker and landed on the spam Web page that looked like a news site customized to the user’s geolocation and which offered vague work-from-home jobs.
Source: http://news.cnet.com/8301-27080_3-10380846-245.html
- 15 -

Internet Alert Dashboard
To report cyber infrastructure incidents or to request information, please contact US-CERT at sos@us-cert.gov
or visit their Website: http://www.us-cert.gov
.
Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and
Analysis Center) Website: https://www.it-isac.org/.
[
Return to top
]
[
Return to top
]
36.
October 21, Charleston Daily Mail – (West Virginia) Crews working to repair telephone outages in eastern Kanawha County. Eastern Kanawha County residents may be experiencing phone and Internet service outages. Verizon confirmed a fiberoptic line under the Chesapeake Bridge was snagged and tore down earlier this morning. A Verizon spokesman said those Verizon customers in the 595 exchange are being affected. He could not say exactly how many customers are affected. Initial reports came in shortly before 9 a.m., the spokesman said. The spokesman said those customers in the 595 exchange are able to call other 595 numbers, but cannot call or be called from outside of the exchange.
Source: http://www.tmcnet.com/usubmit/2009/10/21/4437586.htm
[
Return to top
]
Nothing to report
37.
October 22, United Press International – (National) Memo lists Mount Rushmore security lapses. People are accessing areas normally off-limits to tourists at South
Dakota’s Mount Rushmore, which also lacks an adequate security system, a memo indicates. The memo on security threats to the national monument also said the ranger force is inadequate to protect visitors and the sculpture, USA Today reported Thursday.
The security review by the U.S. Park Service’s Midwest staff began after environmental activists hung a protest banner July 8 on the monument that features 60foot-tall sculptures of past presidents. The activists breached security and accessed anchors normally used by the National Park Service for periodic cleaning. “It concerns me that information about secure areas of Mount Rushmore was inadvertently put out in the public sphere and used by Greenpeace,” a U.S. Representative from the state said said in a statement. “Going forward, it’s critical for the safety of the monument that anyone who accesses these secure areas of the park understands the sensitive nature of the area.” Hundreds of people have been allowed in the secured areas for activities such
- 16 -

[
Return to top
]
as taking in views from the presidential pates, said the regional chief ranger in the
National Park Service’s Midwest office in Omaha. The report said the Park Service and the Justice Department will look into beefing up criminal penalties for climbing Mount
Rushmore.
Source: http://www.upi.com/Top_News/US/2009/10/22/Memo-lists-Mount-Rushmoresecurity-lapses/UPI-74371256215991/
38.
October 22, Austin American-Statesman – (Texas) LCRA opens floodgates at two dams. The Lower Colorado River Authority (LCRA) opened one of the floodgates at the Wirtz Dam at Lake LBJ and seven floodgates at Starcke Dam, which forms Lake
Marble Falls, Texas, a LCRA spokesman said. At about 8:20, the LCRA had partially closed the floodgate at Wirtz Dam and closed all but two and a partially opened floodgate at Starcke, he said. According to LCRA readings, Willow City near
Fredericksburg is the rainfall leader over the past 24 hours with 6.38 inches. Sandy
Creek near Kingsland had 5.94 inches during the same period. Burnet had 5.31 inches, blanco 5.13 inches and 4.95 inches at the Pedernales River near Fredericksburg, according to the LCRA readings. He said Lake Travis is expected to rise by about 11 feet over the next two or three days after the rain moves on this afternoon. The LCRA expects Lake Travis to top out at about 644 feet, which would put its level more than
20 feet below its 666.6 feet historical average, the spokesman said. At 7:15 a.m. Lake
Travis had an elevation of 636.02. The elevation is expected to rise up to 639 feet by noon today, and to between 640 feet and 642 feet midnight tonight. Over the next two to three days, the lake could rise to an elevation of up to 644 feet, he said. Lake Travis had already risen about 4 feet since early Thursday morning, when LCRA began passing runoff into the lake from the overnight rains, he said. Lake Buchanan may rise about half a foot to near 993 feet, he said.
Source: http://www.statesman.com/blogs/content/sharedgen/blogs/austin/weather/entries/2009/10/22/lcra_opens_floo_1.html
39.
October 22, Norwalk Reflector – (Ohio) Man finds pipe bomb, delivers it to sheriff. The Ashland County Bomb Squad detonated a homemade pipe bomb
Wednesday outside the Huron County Sheriff’s Office. A man came to the lobby about
12:55 p.m. and approached a sergeant about the bomb he found in Erie County near the
Coho Dam in the Milan Wildlife Area. The device, estimated to be 16 to 20 inches long and two to three inches in diameter, was about 15 feet from the 9-1-1 dispatching center when it was with the man. “He came directly here. ... He found it on his own. He thought he was doing us a favor,” a sheriff said. Deputies evacuated visitors from the
Huron County Jail and moved 20 patrol and person vehicles from the parking lot. “We got everybody out of there as soon as we could. We had them out of there in a good two minutes,” said a captain who helped a major find a safe spot outside for the bomb.
The major quickly carried the device about 275 feet away from the sheriff’s office and placed it inside a concrete culvert pipe to limit the potential damage area. The bomb
- 17 -

squad arrived at 12:25 p.m. and disarmed the bomb. It appeared the device also had light switch-like mechanism. “There was a tube within a tube,” the bomb squad leader said. “I think someone was trying to make a fire bomb.” The bomb squad also used a water cannon to detonate the outside tube.
Source: http://www.norwalkreflector.com/articles/2009/10/22/front/iq_843844.txt
[
Return to top
]
40.
October 21, WTOK 11 Meridian – (Mississippi) Long Creek Dam has leak. Water in the Long Creek Reservoir in Mississippi will remain low as the city simply does not have the funds to repair a leak discovered when the Mississippi Department of
Environmental Quality required municipalities to evaluate dams. “They were afraid that water was taking some dirt, which was the beginning of a bad leak. And so by not having the water pressure on, it is not moving dirt so we are in a safe mode now,” said the public works director. The concern over a dam breach is extremely low, but, just in case, those residents living near the lake have been put on the city’s Code Red alert system that would automatically dial out in the case of an emergency.
Source: http://www.wtok.com/news/headlines/65345217.html
- 18 -

DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily
Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Website: http://www.dhs.gov/iaipdailyreport
Contact Information
Content and Suggestions:
Subscribe to the Distribution List:
Removal from Distribution List:
Send mail to NICCReports@dhs.gov
or contact the DHS Daily
Report Team at (202) 312-3421
Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes .
Send mail to support@govdelivery.com
.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at nicc@dhs.gov or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov
.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.
- 19 -