Homeland
Security
Current Nationwide
Threat Level
ELEVATED
Daily Open Source Infrastructure
Report for 28 September 2010
Significant Risk of Terrorist Attacks
For information, click here:
http://www.dhs.gov
Top Stories

The Pentagon is refusing to comment on widespread accusations it is responsible for
coordinating a cyber-attack with the “Stuxnet Worm” against Iran’s nuclear facilities,
assaults Iran only recently confirmed. (See items 42 and 50)

As many as 100 homes could be affected by flood waters in Wisconsin due to the failure of
a 120-year-old sand levee along the Wisconsin River. (See item 68)
Fast Jump Menu
PRODUCTION INDUSTRIES
• Energy
• Chemical
• Nuclear Reactors, Materials and Waste
• Critical Manufacturing
• Defense Industrial Base
• Dams
SUSTENANCE and HEALTH
• Agriculture and Food
• Water
• Public Health and Healthcare
SERVICE INDUSTRIES
• Banking and Finance
• Transportation
• Postal and Shipping
• Information Technology
• Communications
• Commercial Facilities
FEDERAL and STATE
• Government Facilities
• Emergency Services
• National Monuments and Icons
Energy Sector
Current Electricity Sector Threat Alert Levels: Physical: ELEVATED,
Cyber: ELEVATED
Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES-ISAC) [http://www.esisac.com]
1. September 26, Bay City News – (California) PG&E recommends energy
conservation after heat knocks out power for more than 30,000. PG&E officials are
recommending careful energy conservation September 26 and during the week’s
forecasted heat wave after more than 30,000 Castro Valley, California customers lost
power September 25 due to system overload. The power outage was reported just
before 6 p.m. and affected up to 33,680 customers in Castro Valley and Hayward, a
PG&E spokesman said. He said the cause of the power loss was a heat-related
-1-
equipment failure at PG&E’s Castro Valley. Power was fully restored to the area by
about 8:40 p.m.
Source:
http://www.insidebayarea.com/oaklandtribune/localnews/ci_16180235?source=rss
2. September 25, Detroit News – (National) Tree crushes man in wind storm; outages
reported. A wicked windstorm September 24 caused the death of a 54-year-old
Detroit, Michigan man, who was crushed by a toppled tree, and knocked out power to
at least 35,000 area residents. The man had just left his home on the 1200 block of
Virginia Park about 10:30 a.m. when a tree fell on him, a Detroit police sergeant said.
By the afternoon of September 24, power was restored to about one third of the
customers, but 22,000 remained without electricity throughout Metro Detroit, a DTE
Energy spokesman said. Southland Mall in Taylor also briefly lost power during the
storm with gusts of up to 45 mph.
Source: http://www.detnews.com/article/20100925/METRO/9250346/1409/Treecrushes-man-in-wind-storm--outages-reported
3. September 25, WWL 4 New Orleans – (Louisiana) Gretna man killed in Lafayette
explosion. A 27-year-old Gretna, Louisiana man is dead after an explosion during an
oil field equipment test September 24. The explosion happened on Southwood Road in
Broussard, Louisiana, just outside of Lafayette. State police said a piece of oil field
equipment exploded during a pressure test at a company called Supreme Services.
Workers were using nitrogen to conduct the test. The man was killed when a piece of
pipe blew off during the explosion and struck him. No chemicals were released in the
explosion.
Source: http://www.wwltv.com/news/Gretna-man-killed-in-Lafayette-explosion103796929.html
4. September 24, Freeport Journal-Standard – (Illinois) Truck carrying ethanol rolls
over on U.S. 20. Portions of U.S. 20 were closed for approximately 12 hours after a
truck carrying ethanol rolled over east of the Stephenson County Visitors Center in
German Valley, Illinois shortly after 3 a.m. September 24. A German Valley Fire
Department captain said the one-vehicle accident did not result in any serious injuries.
However, concerns linked to an ethanol leak drew the attention of numerous local
agencies and disrupted traffic throughout the morning and early afternoon. The
Stephenson County Sheriff’s Office first received a call at 3:08 a.m. After it became
clear the truck was carrying ethanol, members of the Stephenson County Hazardous
Materials team were dispatched to the scene. While major leaking did not occur, the
incident prompted local authorities to evacuate three homes near the accident.
Source: http://www.journalstandard.com/features/x802538271/Truck-carrying-ethanolrolls-over-on-U-S-20
For more stories, see items 50 and 63
[Return to top]
-2-
Chemical Industry Sector
5. September 26, Associated Press – (Maine) Small chemical spill reported at Maine
plant. Officials say a small chemical spill has been cleaned up at Cyro Industries, a
plastic sheet manufacturing plant in Sanford, Maine. A fire lieutenant said officials
were called at about 8:30 a.m. September 26 to the plant. An employee was
accidentally sprayed with a chemical known as methyl methacrylate monomer when it
spilled from a tanker truck that was being unloaded. In all, about 20 gallons of the
chemical spilled. By the time an emergency response team arrived, the worker was
taking a shower to clean off. The employee was taken to Goodall Hospital as a
precaution. Officials said Cyro employees cleaned up the spill.
Source: http://www.necn.com/09/26/10/Small-chemical-spill-reported-at-Mainep/landing.html?&blockID=3&apID=dcabf9a86cbf47d38e1bf419111a86a8
6. September 25, Bay City Tribune – (Texas) Plane crashes in Blessing. A few Blessing,
Texas, area residents heard a pop and saw one of Fehmel’s Crop Dusting aircraft go
hurtling towards the ground where it crash-landed on the bank of the Tres Palacios
River near Hawley Cemetery about noon September 24. The crop duster, while on an
aerial application flight, struck a power line and crashed the Gulfstream fixed-wing,
single-engine plane, according to a Federal Aviation Administration spokesperson.
Only the pilot was on board when the crash occurred and he sustained serious injuries
requiring him to be flown by medical helicopter to Hermann Memorial Hospital in
Houston for treatment, according to one of the first emergency responders on the scene.
When the plane clipped the high voltage powerline, it caused a momentary loss of
power at LyondellBassell Chemical plant, said an AEP Texas spokesperson. “My
information is it caused enough of a dip in their voltage that it forced them to take their
plant off production temporarily,” he said. The Matagorda County Emergency
Management coordinator said because the plane was carrying chemicals for agricultural
use and the crash occurred in a waterway, the Texas Commission on Environmental
Quality required a hazardous material clean-up crew to treat and vacuum the wreck
site.
Source: http://baycitytribune.com/story.lasso?ewcd=282ff0bddf609386
7. September 24, Associated Press – (Missouri) 20,000 pounds of fertilizer spill near I35 in Mo. Several businesses were evacuated and a section of Interstate 35 is closed
September 24 near Cameron, Missouri, after about 20,000 pounds of fertilizer spilled
from a tanker truck. A Cameron police sergeant said traffic was being diverted off the
highway and through the small town because of the fertilizer’s volatility. He said
businesses near the highway intersection, including a McDonald’s, a motel and a
convenience store, had been evacuated. A tanker truck carrying 40,000 pounds of
fertilizer pulled into an empty lot across from a truck stop, got stuck in mud and hooked
on something, causing the ammonium nitrate mixture to spill. About half poured out. I35 runs from northern Minnesota to Laredo, Texas. It’s the major highway connecting
Kansas City to Des Moines, Iowa.
Source: http://www.necn.com/09/24/10/20000-pounds-of-fertilizer-spill-near-I/landing.html?&blockID=3&apID=3caa9dfabfef4d02b645476d6fdf5cd5
-3-
For another story, see item 29
[Return to top]
Nuclear Reactors, Materials and Waste Sector
8. September 27, New York Daily News – (New York) Paterson vetoes bill to move
radioactive-waste station away from PS 84. Parents and activists are furious that the
New York governor vetoed a bill that would move a radioactive-waste station located
near a public school in the Williamsburg section of Brooklyn. Radiac Corp. stores and
processes radioactive and hazardous waste in a three-building complex on Kent Ave.,
which is about a block from Public School 84 on S. First St. A bill that would force
Radiac to move passed both houses of the state legislature in July, but the governor
rejected it this month on grounds that it would harm area hospitals that depend on
Radiac’s services. Neighborhood parents are enraged that the governor has allowed the
company to conduct its business so close to a public school.
Source: http://www.nydailynews.com/ny_local/brooklyn/2010/09/27/2010-0927_toxic_waste_site_to_stay_gov_vetoes_bill_to_move_biz_near_ps_84.html
9. September 25, Daily Comet – (Georgia; South Carolina) Nuclear waste panel to visit
Ga. plant, S.C. site. A panel examining how the United States should store nuclear
waste will visit Plant Vogtle in eastern Georgia and the Savannah River Site in South
Carolina next year. A retired General who also served as National Security Advisor and
who serves as the commission co-chairman, said panel members will arrange in
January to visit Plant Vogtle near Waynesboro, and the former bombmaking plant in
neighboring South Carolina. Panel members will also visit a waste isolation plant in
New Mexico. The U.S. President created the commission after his administration
abandoned a proposed nuclear waste storage site in Nevada. The commission is slated
to make the first of its recommendations in fall 2011. The Atlanta-based Southern Co.
and its partners are seeking to build two new reactors at Plant Vogtle.
Source:
http://www.dailycomet.com/article/20100925/APN/1009251391?Title=Nuclear-wastepanel-to-visit-Ga-plant-SC-site
10. September 25, Burlington Free Press – (Vermont) Vermont Yankee OK in ‘09, state
says. The Vermont Health Department has given the state’s Vermont Yankee nuclear
plant in Vernon a clean bill of health for 2009. The health department has found that no
significant adverse health effects from radiological exposures resulted from the plant’s
operations last year. Even with the leak of radioactive tritium at the plant — first noted
in November and made public this January — the state said Vermont Yankee stayed
within compliance limits for radioactive releases. But the health department said the
leaks of tritium and other substances, which grew worse in early 2010, have prompted a
beefed up long-term monitoring program at the plant.
Source:
http://www.burlingtonfreepress.com/article/20100925/NEWS07/9250313/VermontYankee-OK-in-09-state-says
-4-
For another story, see item 50
[Return to top]
Critical Manufacturing Sector
11. September 27, Reuters – (International) Hyundai to recall Sonata sedans in
U.S. Hyundai Motor, South Korea’s top automaker, will recall some 139,500 Sonata
sedans sold in the United States, due to problems with the steering wheel that could
cause a loss or reduction of control. The automaker announced the recall after the U.S.
National Highway Traffic Safety Administration (NHTSA) opened a probe into
steering problems in August, a move analysts said was aimed at heading off criticism
that it was slow to respond. No accidents or injuries occurred as a result of improper
assembly or loose steering connections, Hyundai said in an e-mail statement September
26. The company’s latest recall comes as the automaker seeks to increase production of
the Sonata, its best-selling model in America, at its plant in Alabama.
Source: http://www.reuters.com/article/idUSTRE68P0BO20100927
12. September 25, Middletown Journal – (Ohio) Machine catches on fire at steel plant. A
small fire forced the temporary evacuation September 24, of a Middletown, Ohio steel
company. A piece of machinery caught fire shortly before 9 a.m. filling Excelsior Steel
Processing with smoke. There were no injuries. The fire was put out before 9:30 a.m. at
the business, which is located in Midd Cities Industrial Park, 2601 S. Verity Parkway.
Damage is estimated at $10,000. The cause of the flames was a spark from a sanding
process to polish steel. Metal shavings in the bottom of the sanding machine caught
fire, then burnt the machine itself. “It’s happened before, but not very often,” said the
operations manager for Excelsior.
Source: http://www.middletownjournal.com/news/crime/machine-catches-on-fire-atsteel-plant-941139.html
13. September 24, Waterloo-Cedar Falls Courier – (Iowa) GMT in Waverly was in
lockdown during standoff. GMT locked down its Waverly, Iowa machinecomponents plant for several hours September 23 after a report a person was making
threats against its employees. The situation developed shortly before 10 a.m. and
prompted law enforcement to track down the individual in Shell Rock, according to the
Bremer County Sheriff’s Office. Deputies and Waverly police apprehended the man
about 1 hour later. Initially, the man refused to get out of his pickup, but authorities at
the scene were “able to talk him out of his vehicle without incident,” the Bremer
County sheriff said. The sheriff’s office and GMT company officials did not release
specifics about the nature of the alleged threats or how they were reportedly made. The
sheriff’s office did report the man never gained access to GMT facilities.
Source: http://wcfcourier.com/news/local/article_aca3f734-c749-11df-9243001cc4c03286.html
[Return to top]
-5-
Defense Industrial Base Sector
14. September 27, TG Daily – (National) Junk-tracking satellite sends back first
signals. Boeing has received the first signals from its Space Based Space Surveillance
(SBSS) satellite following its launch September 25 from Vandenberg Air Force Base,
California. The signals show it is functioning normally and is ready to begin orbital
maneuvers and operational testing. The SBSS Block 10 satellite will be the Air Force’s
only space-based sensor capable of detecting and monitoring debris, satellites and other
space objects, and thus won’t be disrupted by weather, atmosphere or time of day like
ground-based systems. The launch was postponed several times because of problems
with the booster. The satellite and its ground system are expected to improve the
accuracy and timeliness of tracking and monitoring capabilities dramatically. The team
said it can provide the flexibility to quickly respond to new and changing mission
requirements. Shortly after launch, the satellite began an automated sequence that
deployed solar arrays, pointed them at the sun, and initialized satellite operations. For
the next 2 weeks, operators will carry out health checks on the satellite bus, followed
by payload checkout. Tests include sending simulated space situational awareness tasks
to the operations center, which will send commands to the satellite and collect data
from those tasks for the Air Force Joint Space Operations Center. The SBSS system is
expected to be turned over to the Air Force within 60 days.
Source: http://www.tgdaily.com/space-features/51722-junk-tracking-satellite-sendsback-first-signals
[Return to top]
Banking and Finance Sector
15. September 27, The Register – (International) ZeuS attacks mobiles in bank SMS
bypass scam. Security researchers have warned that cybercrooks might be able to
compromise online bank accounts even in cases where banks use SMS messages to
authorize transactions. The approach relies on first compromising a targeted user’s
computer using a variant of the ZeuS banking Trojan before infecting the same user’s
smartphone. Thereafter it would be possible to initiate a transaction and authorize it
following the receipt of a SMS message to a second compromised device. The socalled ZeuS Mitmo (man-in-the-mobile) attack is explained in a blog post by a
researcher of S21sec e-crime. It relies on tricking a user into getting infected by Zeus
on the desktop, perhaps via a targeted e-mail that points to a booby-trapped Web site or
contains an infected attachment. Thereafter, a user’s log-in credentials are captured the
next time she logs into an online banking site. The malware then generates a fake
dialog box that attempts to trick the victim into disclosing the number and manufacturer
of her mobile phone. The phone would then be sent a fake security certificate, which is
actually a malicious banking Trojan tailored to the target’s smartphone (Symbian or
BlackBerry). The malicious application then monitors all incoming SMS as well as
installing a backdoor to receive commands via SMS, from a designated command and
control number, which can be altered. The approach is plausible if a little convoluted,
but the added complexity may be worth it in targeted attacks, perhaps against
-6-
organizations or wealthy individuals whose banks use SMS notification for two factor
authentication of transactions.
Source: http://www.theregister.co.uk/2010/09/27/zeus_mobile_malware/
16. September 27, Beaufort County Island Packet – (South Carolina) Ex-loan officer to
plead guilty in fraud scheme. A former mortgage loan officer at Carolina First Bank
on Hilton Head Island in South Carolina is scheduled to plead guilty September 27 to
one count of conspiracy to commit bank fraud in connection with a scheme that cost
banks as much as $7 million, according to a U.S. attorney. Prosecutors said the former
mortgage loan officer used inflated appraisals to fraudulently arrange residential
mortgages for “straw purchasers,” and then used the difference between the inflated
mortgage proceeds and the actual value of the property to pay the straw purchasers,
himself and others, according to court documents. Most of the properties involved are
in Beaufort County. The loan officer said he is sorry and wants to take responsibility
for his actions. Court documents state the alleged conspiracy cost Carolina First and
other financial institutions $2.5 million to $7 million. The loan officer received more
than $495,000 in kickbacks for the sale of eight homes, according to the documents.
Upon conviction, he would have to forfeit any property he obtained as a result of the
alleged conspiracy. The defendant faces a maximum of 30 years in prison, 5 years of
supervised release, and a $1 million fine.
Source: http://www.islandpacket.com/2010/09/27/1386085/ex-loan-officer-to-pleadguilty.html
17. September 26, China Post – (New York) Norwegian central bank sues Citigroup for
fraud. Norway’s central bank has sued New York-based Citigroup for allegedly
providing false financial statements that led to losses of about $835 million, a Citi
official said September 24. Norges Bank complained Citigroup repeatedly issued
“untrue statements and non-disclosure of material information to investors,” which led
the bank to purchase Citi securities at inflated prices between 2007 and 2009. “Norges
Bank lost in excess of $735 million on its investments in Citigroup common shares, and
in excess of $100 million on its investments in bonds and preferred shares,” according
to the lawsuit, filed in a Manhattan federal court earlier this month. “When the market
slowly learned the truth of Citi’s financial condition, Citi came close to insolvency, and
plaintiff lost a substantial amount of its investment,” it said. A Citigroup official said:
“We believe the suit has no merit and we will defend ourselves vigorously.” Other than
setting monetary policy in Norway, Norges Bank oversees one of the largest sovereign
wealth funds in the world, the Government Pension Fund-Global, which holds
hundreds of billion of dollars in assets. Citigroup, once the world’s largest bank, also
faces a lawsuit filed in August 2009 by seven Norwegian towns, and an investment
house that had lost millions in debt obligations sold by Citigroup.
Source: http://www.chinapost.com.tw/business/companyfocus/2010/09/26/273962/Norwegian-central.htm
18. September 25, Bank Info Security – (National) Two banks closed on Sept. 24. Federal
and state banking regulators closed two banks September 24. These failures raise the
total number of failed institutions to 144 so far in 2010. Haven Trust Bank Florida,
-7-
Ponte Vedra Beach, Florida, was closed by the Florida Office of Financial Regulation,
and the Federal Deposit Insurance Corporation (FDIC) was appointed receiver. First
Southern Bank, Boca Raton, Florida, will assume all Haven Trust deposits. The two
branches of Haven Trust will reopen as branches of First Southern. Haven Trust had
$148.6 million in assets. The estimated cost to the Deposit Insurance Fund (DIF) will
be $31.9 million. North County Bank, Arlington, Washinton, was closed by the
Washington Department of Financial Institutions. The FDIC was appointed receiver.
Whidbey Island Bank, Coupeville, Washington, will assume all of the deposits of North
County Bank. The FDIC estimates that the cost to the DIF will be $72.8 million.
Source: http://www.bankinfosecurity.com/articles.php?art_id=2948
19. September 24, The New New Internet – (California) Hackers steal hundreds of creditcard numbers from restaurant patrons. Visits to several California-based restaurants
turned out much more expensive than customers ever imagined. Police in Roseville,
California, the week of September 13 revealed that nearly 200 customers had their
credit-card numbers stolen after patronizing the eateries. While the police did not reveal
which restaurants were affected due to the ongoing investigation, they said the
restaurants themselves are not responsible. “We believe the breach is not actually at the
restaurant but a third-party vendor that’s in the process between using your credit card
at the restaurant and actually billing the bank,” a police captain told 3KCRA. Because
of the complexity of the scheme, Roseville police have asked the Secret Service for
help catching the criminals. In Davis, police are dealing with similar issues. They have
seen a 50 percent increase in identity thefts. While police will not say where the cards
are being copied, they revealed that crooks use them at Target stores in the Bay Area
and as far away as Irvine.
Source: http://www.thenewnewinternet.com/2010/09/24/hackers-steal-hundreds-ofcredit-card-numbers-from-restaurant-patrons/
20. September 24, Associated Press – (Illinois) 2 charged in alleged investment fraud
scheme. Federal prosecutors in Chicago, Illinois said they have indicted a California
woman and a man who once lived in the Chicago suburb of Northfield on wire fraud
charges in an investment scheme that allegedly swindled some 70 investors out of more
than $30 million. A U.S. attorney announced September 24 that the charges were filed
1 day earlier against a 60-year-old woman of Canyon Country, California, and 45-yearold former Northfield man, who is now believed to be living in Texas. The U.S
attorney said the suspects were the top officers of Unified World Transport LLC, a
voice-over-Internet communications company based in Santa Monica, California, and
allegedly misappropriated more than $12 million in investors’ funds for their own use.
Source: http://www.mercurynews.com/breaking-news/ci_16167462?nclick_check=1
[Return to top]
Transportation Sector
21. September 26, Associated Press – (International) Jet evacuated in Sweden after
threat. Canadian police are investigating whether a phoned-in hoax caused a Pakistani
-8-
jet to be diverted to Stockholm, Sweden for several hours September 25 for fear that
one of its passengers was carrying explosives. Police evacuated 273 people from the
jet, and briefly detained a Canadian man, after an anonymous caller in Canada tippedoff authorities that the suspect was carrying explosives. No explosives were found on
the man, who was released after questioning by police, or on the Boeing 777 from
Pakistan International Airlines, which had been bound from Toronto to Karachi,
Pakistan. The Royal Canadian Mounted Police said it was investigating whether the
incident was a “terrorism hoax.” Swedish police described the suspect as a Canadian
citizen born in 1982. Initially they said he was of Pakistani background but later said
they were not sure.
Source: http://www.nytimes.com/aponline/2010/09/25/world/europe/AP-EU-SwedenPlane.html?_r=1&partner=rss&emc=rss
22. September 26, San Jose Mercury News – (California) Armed men in black create a
ripple at Mineta San Jose International Airport. About 3 p.m. September 25, a
white Chevy Blazer pulled up to the arrival curb outside Terminal A at Mineta San Jose
International Airport in San Jose, California. Two men dressed in black approached the
information desk to inquire about American Airlines Flight 1205 from Dallas, Texas.
Both carried assault rifles strapped across their chests, with handguns in their holsters.
Then the pair casually waited near the escalator that ferries travelers to the luggage
carousels. It appears that airport travelers either figured the pair’s mission was benign,
or thought they were part of a movie. San Jose police said they received no calls about
the men with rifles. Soon, the armed pair greeted another man wearing a baseball cap
after he descended the escalator. Together they picked up about a half-dozen pieces of
luggage, loaded them into the white SUV and drove off. It turns out the men with the
assault rifles were from Lawrence Livermore National Laboratory in Livermore,
California and were meeting another security staffer returning from assignment, a lab
spokesman said. San Jose police and airport officials, who were unaware of the armed
greeting until questioned by reporters the following day, said protocol is for a law
enforcement agency to give notice when sending armed personnel into another
agency’s jurisdiction. An airport videotape showed the men in the baggage area for 7 or
8 minutes. A police spokesman said that it isn’t unusual, especially on weekends, for
Lawrence security guards to meet personnel at airports.
Source: http://www.mercurynews.com/ci_16181812?source=most_viewed
23. September 26, Associated Press – (New York) Delta jet makes emergency landing at
JFK. Landing gear problems caused Delta Connection jet with 60 passengers on board
to make an emergency landing at John F. Kennedy International Airport in New York
City. A Port Authority spokesman said Delta Connection Flight 4951, operated by
Atlantic Southeast Airlines, landed safely at about 8:20 p.m. September 25. He said
there were no reports of injuries or fire. An Atlantic Southeast Airlines spokesman said
all passengers exited safely through the main door onto the tarmac and were bused to
the terminal. He said the airline was working with the Federal Aviation Administration
and the National Transportation Safety Board to investigate the landing gear problem.
Source: http://www.eturbonews.com/18735/delta-jet-makes-emergency-landing-jfk
-9-
24. September 26, msnbc.com and Associated Press – (Washington) Unruly passenger
forces jet to turn back. An unruly passenger on a Delta airlines plane bound for
Amsterdam, Netherlands forced pilots to return the plane to Seattle-Tacoma
International Airport in SeaTac, Washington shortly after take-off, an airline
spokeswoman said September 26. She said Flight 224 left the airport just after 6 p.m.
About 30 minutes later, she said, a passenger disturbance prompted pilots to return. The
plane landed safely at 7:27 p.m. No one was injured. The unruly passenger was
removed from the plane and taken to a local medical facility, according to the
Transportation Security Administration (TSA). The flight was scheduled to land at
Amsterdam Schiphol Airport in the early afternoon September 27. The plane was swept
for safety but nothing was found, TSA officials said. A total of 215 passengers were on
board Delta flight 224, which is also marketed as codeshare KLM flight 6024. It was
not immediately clear if the passenger involved is American, Dutch, or of another
nationality.
Source: http://www.msnbc.msn.com/id/39364674/ns/us_news-airliner_security/
25. September 24, Somerset Daily American – (Pennsylvania) Crews respond to train
derailment. A three-car train derailment occupied emergency responders for most of
the evening September 24.. Two cars and a small switching engine are believed to have
rolled away from a depot at the North American Hoganas manufacturing plant, in
Quemahoning Township, Pennsylvania, Somerset County Control dispatchers said.
According to radio reports, emergency responders found the overturned cars lying in
front of a bridge with no evidence of a crew or passengers having been on board. No
injuries were reported although diesel leaking from the engine made the dispatch of a
haz-mat crew necessary. Accessing the site was difficult for responders who had to
walk several hundred yards along the railroad tracks to find the overturned cars.
Firefighters from Hollsopple, Conemaugh Township, Scalp Level/Paint, Sipesville,
New Centerville and Berlin were all on hand as part of the cleanup crew. Paint
Township police and Conemaugh Township EMS were also dispatched to the scene.
Source: http://www.dailyamerican.com/articles/2010/09/24/news/local/news104.txt
For more stories, see items 4 and 7
[Return to top]
Postal and Shipping Sector
26. September 25, Ocala Star-Banner – (Florida) Explosive device found in mailbox. A
U.S. postal worker delivering mail made a startling discovery September 25 when she
found a suspicious device inside a mailbox in Ocala, Florida. Ocala police said the mail
carrier contacted a supervisor, who in turn called officers. Responding to Saddle Creek,
a subdivision located in Fore Ranch off State Road 200, officials said the device had
exploded but did not damage the mailbox. The device was described as a bottle that had
some type of liquid inside. Ocala Fire Rescue, along with the Marion County Fire
Rescue Hazmat team, went to the scene. The sheriff’s office bomb squad also assisted
in the investigation. Police have classified the investigation as a criminal investigation.
- 10 -
Source: http://www.ocala.com/article/20100925/ARTICLES/100929758/1/news?Title=Explosive-device-found-in-mailbox
[Return to top]
Agriculture and Food Sector
27. September 26, New York Times – (Pennsylvania; Maryland; New Jersey) Move over,
bedbug: The stink bug has landed. Damage to fruit and vegetable crops from stink
bugs in Middle Atlantic states has reached critical levels, according to a government
report. That is in addition to the headaches the bugs are giving homeowners who cannot
keep them out of their living rooms — especially the people who unwittingly step on
them. When stink bugs are crushed or become irritated, they emit a pungent odor that is
sometimes described as skunklike. Farmers in Maryland, New Jersey, Pennsylvania and
other states are battling a pest whose appetite has left dry boreholes in everything from
apples and grapes to tomatoes and soybeans. Stink bugs have made their mark on 20
percent of the apple crop at Scenic View Orchards in Maryland. Other farmers report
far worse damage. Government and university researchers said they need more time to
study the bug, which has been in the United States since about 1998. Native to Asia, it
was first found in Allentown, Pennsylvania, and has no natural enemies here. Some
people noticed an increase in the stink bug population last year, but all agreed that this
year’s swarm was out of control. Researchers said the bugs reproduced at a faster rate
this year, but they are unsure why.
Source: http://www.newsobserver.com/2010/09/27/704985/move-over-bedbugs-stinkbugs-have.html
28. September 25, Associated Press – (Kansas) Autopsy reports show that 2 men died
from asphyxiation in accident at Lawrence company. Recently released autopsy
reports show that two men died in April from asphyxiation in an industrial accident at
MagnaGro International, a fertilizer company in Lawrence, Kansas. The Lawrence
Journal World reported that autopsies show that the 25- and 51-year-old victims were
overcome by fumes April 1 while they were cleaning a storage tank. The Douglas
County and Shawnee County coroner’s offices performed the autopsies. The U.S.
Occupational Safety and Health Administration has cited MagnaGro International for
11 violations. The violations included not giving employees protection from falls
outside the molasses storage tanks or proper ventilation inside the tanks.
Source: http://www.fox4kc.com/news/sns-ap-ks--magnagro-autopsies,0,1455791.story
29. September 25, WSJM 94.9 FM Benton Harbor – (Michigan) Everyone OK in winery
ammonia leak. More than 100 pounds of ammonia leaking at the St. Julian Winery in
Paw Paw, Michigan, forced many people to go to the hospital September 24. About a
dozen people were sent to the hospital after breathing fumes from the substance. All are
in good condition. Between 100 and 300 pounds poured out of a refrigeration system
near the center of the facility at approximately 3 p.m. Crews closed the areas and shut
off power to prevent an explosion from any gas that evaporated.
Source: http://www.wsjm.com/Everyone-OK-In-Winery-Ammonia-Leak/8222043
- 11 -
30. September 24, Food Safety News – (California; International) Ginger candy recalled
in California for lead. The California Department of Public Health (CDPH) warned
consumers this week not to eat “Ginger Candy” imported from China due to potential
lead contamination. According to a CDPH press release, the candy, which was
manufactured by Dai jyoBu in China, and distributed by Anhing Corporation in Los
Angeles, contained more than twice the amount of lead that California allows in candy
products. California considers candies with lead levels in excess of 0.10 parts per
million (ppm) of lead to be contaminated; the Ginger Candy test results revealed 0.25
ppm of lead. Anhing has recalled the candy and is working with distributors and
retailers to ensure the product is taken off store shelves. Although there have been no
illnesses associated with the consumption of the “Ginger Candy,” anyone who has
purchased the candy should discard it immediately.
Source: http://www.foodsafetynews.com/2010/09/ginger-candy-recalled-in-californiafor-lead/
31. September 24, San Jose Mercury News – (California) Grape-eating moth spotted
near Gilroy; emergency ordered in Santa Clara County. A state emergency order
was issued following the discovery of three grape-eating moths in South Santa Clara
County, California — a cause of grave concern for winegrowers and anyone who
craves a glass of chardonay or merlot. Three European Grapevine Moths were
discovered the week of September 20 on two vineyards west of Gilroy and Morgan
Hill, the county’s acting agricultural commissioner said. It is the first time the moths,
which can destroy a vineyard, have been found in Santa Clara County. Officials
classify three moths as an “infestation.” When the moths, formally known as Lobesia
botrana, were spotted in Napa County in 2009, getting rid of them proved to be a costly
affair, winegrowers reported. Thousands of dollars are being spent on rigorous
equipment cleaning and self-inspections. Actions for the affected winegrowers — 39 of
them in South County — will get more serious in the spring, when the moths are in
their larval stage. That is when they attack the grapes and will need to be treated.
Winegrowers will need to get rid of the worms by choosing either pesticides,
pheromones or other ways to kill or stop them.
Source: http://www.mercurynews.com/breaking-news/ci_16165002?nclick_check=1
32. September 24, Fort Worth Star-Telegram – (Texas) Fort Worth Sonic restaurant
evacuated after bomb scare. Authorities evacuated a Sonic Drive-In restaurant in Fort
Worth, Texas, after pulling over a pickup carrying what appeared to be a bomb
September 24, firefighters said. But it turned out to be some sort of appliance, a fire
department spokesman said. Fire officials are unsure what the appliance was for or
what it does. Police found a white PVC pipe with wires protruding from it in the bed of
a truck believed to be stolen. The bomb squad was called, and a water cannon was used
to break open the pipe. That revealed copper tubing inside, the spokesman said. The
squad’s first attempt to break open the copper tubing failed, and it X-rayed the device
about 7:30 p.m. About 8:45 p.m., the bomb squad tried again and determined that the
device was not explosive. Police said the truck’s driver was taken into custody. The
Sonic manager said the evacuation began about 4:30 p.m. “We were still running
business, but about 5:30 p.m. they told us to get out,” she said. The parking lot was
- 12 -
roped off. Northbound traffic on Trail Lake was blocked, and other traffic was diverted.
Source: http://www.star-telegram.com/2010/09/24/2493560/fort-worth-sonicrestaurant-evacuated.html
33. September 24, KOHD 51 Bend – (Oregon) Fire forces evacuation at Erickson’s. The
Erickson’s Thriftway grocery store on Greenwood in Bend, Oregon, was evacuated
September 24. The building filled with smoke around 1:30 p.m., employees and
customers quickly getting out. The Bend Fire Department arrived going into the kitchen
area at the back of the store. Damage was minimal, but a smoky haze remained inside
the store long after fire crews had cleared the flames. The fire department set up fans to
ventilate the building, measuring the level of smoke in the air before letting employees
and customers go back inside.
Source: http://kohd.com/news/local/189928
For more stories, see items 6, 7, and 36
[Return to top]
Water Sector
34. September 26, Lexington Herald-Leader – (Kentucky) Raw sewage pours into South
Elkhorn Creek. A malfunctioning valve allowed raw sewage to pour into South
Elkhorn Creek in Lexington, Kentucky late September 23 and early September 24,
killing an unknown number of fish, a Lexington official said. The spill began near Old
Bridge Lane off Harrodsburg Road, said a spokeswoman for the mayor. An estimated
83,000 gallons poured from the 4-inch valve, which was attached to a 36-inch sewer
line, she said. The spill was reported at 11:15 p.m. September 23 and was contained by
5:30 a.m. September 24. The valve is designed to let air escape from sewer lines.
Sometimes such valves become clogged with cigarette butts and other debris and stick
in an open position.
Source: http://www.kentucky.com/2010/09/26/1451242/raw-sewage-pours-into-southelkhorn.html
35. September 25, Deseret News – (Utah) Oil-like substance spotted in Strawberry
River. Authorities in Duchesne, Utah, are investigating what appears to be an
intentional dumping of an unknown oil product into the Strawberry River. The
substance was spotted in a stretch of the river just south of the Duchesne County
Fairgrounds around 1:30 p.m. September 24 by an individual walking on a path near
the river, the Duchesne County Fire and Emergency Management director said. On
September 25, the contamination made its way to the Duchesne River, though there has
been no exposure to culinary waters. As of the morning of September 25, the spill was
impacting about 3 to 4 river miles. Officials said there are indications someone put a
hose into the river and opened it. They believe it a water truck may have backed up to
the river and dumped its load. Both the Myton and Duchesne fire departments have sent
hazardous materials teams to the spill site to place booms at several points along the
river to try and prevent spreading. On September 25, there were large, black chunks,
- 13 -
some as large as footballs, of the oil-like substance along the shore of the river. An
environmental clean up company from Salt Lake City responded to direct clean-up
efforts. Crews set up containment booms to try and prevent further spreading. The state
department of environmental quality was also at the site to take samples. The Duchesne
County Sheriff’s Office has launched a criminal investigation.
Source: http://www.deseretnews.com/article/700068379/Oil-like-substance-spotted-inStrawberry-River.html
36. September 24, KGMI 790 AM Bellingham – (Washington) Boat contaminated with
hazardous mussels detained. Washington State had a close call this week, when a
truck hauling a boat contaminated with Zebra Mussels was stopped before it entered
Washington waters. Had the boat not been detained, there could have been hundreds of
millions of dollars in damage caused by the Zebra Mussels becoming established in
Washington. The non-native mussels threaten native fish and wildlife and clog waterintake systems. The Washington State Department of Fish and Wildlife report the state
patrol stopped the boat at the Cle Elum port of entry. The boat was then sent to
Seaview Marina in Bellingham, where it is being decontaminated. Importing the
mussels to Washington is a gross misdemeanor, punishable by up to $5,000 in fines and
1 year in jail. Knowingly bringing them into the state is a felony. Zebra Mussels are
native to the Caspian Sea. The mussels entered the Great Lakes in the mid-1980s, and
have since spread to more than 20 states and two Canadian provinces.
Source: http://kgmi.com/pages/8216965.php?
37. September 24, Reuters – (National) EPA pushing states to cleanup Chesapeake Bay:
report. The U.S. Environmental Protection Agency (EPA) September 24 threatened to
go after five mid-Atlantic states with rules that could lead to higher sewer bills and
stricter conditions on construction unless they cut pollution flowing into the
Chesapeake Bay. The Washington Post reported in its September 25 edition that the
EPA told Virginia, Pennsylvania, West Virginia, Delaware and New York that their
plans to cut pollution contained “serious deficiencies.” The EPA said some states are
lagging behind a 2025 deadline to cut pollution, and those that move too slowly could
see measures that may lead to higher property taxes or new rules for farms. The five
states together account for more than 70 percent of the pollution that causes “dead
zones” in the bay. The enforcement warning comes after the EPA set deadlines to cut
pollution by 2000 and 2010, and then failed to crack down after states missed the
deadlines, the Post said. Federal and state governments have spent more than $5 billion
trying to clean up the bay that is home to commercial quantities of fish, crabs and
oysters. Pollutants such as nitrogen and phosphorus flow into the bay from treated
sewage, fertilizer and animal manure, leading to unnatural algae blooms, and using up
oxygen needed by other inhabitants.
Source: http://www.reuters.com/article/idUSTRE68O0AC20100925
38. September 24, Frederick News-Post – (Maryland) EPA launches criminal
investigation. The U.S. Environmental Protection Agency (EPA) has launched a
criminal investigation into what appears to be green trace dye added to several water
sources in Frederick, Maryland, Fort Detrick officials said. An EPA spokesman would
- 14 -
not confirm or deny the criminal investigation September 23. Still, a Fort Detrick
spokesman said the EPA was in the middle of a criminal investigation and other state
and federal agencies were involved. Green water appeared at Fort Detrick September 2
when workers at the Army post’s wastewater treatment plant noticed it in a tank and
then later flowing into the Monocacy River. At that time, the deputy garrison
commander said the color appeared to be from a harmless dye, possibly the kind used
in waterflow studies. He said he did not see the green water in the Monocacy, but he
was told by people on the scene that it was a Kelly green and fish were swimming
around in it and appeared to be unharmed by the discoloration. Two days before Fort
Detrick’s incident, the water at Hood College’s pool on Rosemont Avenue turned
green. On August 30, the water in the YMCA pool on North Market Street also turned
green. In all three cases, tests indicated the green water did not pose any danger. The
two pools fill with water from the city’s water system, which pulls from the Monocacy
River well upstream of Fort Detrick’s wastewater treatment plant. Officials are unsure
of the cause, but all agree the green water was not caused by Fort Detrick. EPA must
issue a permit before anyone can put trace dye into water and the EPA did not issue any
such permits. The Army post is looking into the possibility gate security was breached
by whomever added the substance to the water.
Source:
http://www.fredericknewspost.com/sections/news/display.htm?StoryID=110314
For more stories, see items 39 and 46
[Return to top]
Public Health and Healthcare Sector
39. September 26, Erie Times-News – (Pennsylvania) Legionella bacteria found at
Millcreek Township facility. Officials at the Golden Living Center-Walnut Creek
nursing home confirmed September 25 that Legionella bacteria has been found in the
Millcreek Township, Pennsylvania facility’s water. “Some of the plumbing and water
outlets in the building have tested positive for Legionella bacteria, and we are taking
appropriate and aggressive measures to address the presence of the Legionella
organism in the plumbing,’’ the center’s director of operations said in a phone
interview. Legionella can cause Legionnaires’ disease, which leads to pneumonia and
other respiratory ailments. The bacteria grows in water, including that found in systems
such as cooling towers and condensers. The $17-million, 72,000-square-foot Golden
LivingCenter facility provides rehabilitation and senior care services.
Source:
http://www.goerie.com/apps/pbcs.dll/article?AID=/20100926/NEWS02/309259884/1/news
40. September 26, New Albany Evening News and Tribune – (Indiana) Indiana reports of
whooping cough reach 24-year high. State health officials said Indiana is on track for
the highest number of pertussis infections since 1986, mirroring a national trend in the
escalation of the highly contagious respiratory disease better known as whooping
- 15 -
cough. Health experts said the rise in reported cases may be due in part to better
diagnostic testing. But they also point to the number of children who may not have
been vaccinated against the disease as well as the number of teenagers and adults who
have failed to get booster shots designed to keep their immunity from waning. As of
mid-September, the number of whooping cough cases reported to the Indiana State
Department of Health for 2010 had surpassed 390, close to the total number for 2009.
An epidemiologist of the Indiana State Department of Health said health experts are
fighting the misconception that whooping cough had been nearly eradicated. The
vaccine helped cut infections from 160,000 in the 1940s to 1,010 per year by 1976. But
the numbers have increased tenfold since. In California alone, there have been more
than 4,000 cases reported this year; including nine infants who have died — most of
them after being misdiagnosed initially.
Source: http://newsandtribune.com/local/x1941091987/Indiana-reports-of-whoopingcough-reach-24-year-high
41. September 24, Associated Press – (Tennessee) Memphis hospital workers sickened
from odor. Four hospital workers fell ill September 24 when a man showed up for
treatment with a noxious odor coming from his body, authorities said. The 62-year-old
man went to the Veterans Administration Medical Center in Memphis, Tennessee about
7:30 a.m., complaining of nausea, vomiting and difficulty breathing, a Memphis Fire
Department spokesman said. As the man was being cleaned, four employees began
feeling nauseous from the odor coming from the patient, a VA spokeswoman said. The
workers immediately began receiving treatment. Two were cleared to go home in good
condition, and two others were allowed to continue working, the fire department
spokesman said.
Source: http://www.knoxnews.com/news/2010/sep/24/memphis-hospital-workerssickened-odor/
[Return to top]
Government Facilities Sector
42. September 27, FOXNews.com – (International) Pentagon silent on Iranian nuke
virus. The Pentagon is refusing to comment on widespread accusations it is responsible
for coordinating a cyber-attack against Iran’s nuclear facilities. Earlier this month, the
Iranians acknowledged the “Stuxnet Worm” had invaded software it uses at multiple
nuclear production plants. A Pentagon spokesman said September 27, the Department
of Defense (DOD) can “neither confirm nor deny” reports it launched this attack. The
Stuxnet worms enters networks through USB portals and is designed specifically to
attack software made by Siemens, the German owned industrial corporation. Last year,
the Pentagon was attacked by a virus that temporarily shut down e-mail services. That
worm also entered the system through commonly used flash drives, or portable hard
drives, that plug into USB ports. Since that attack, the Pentagon has banned the use of
flash drives throughout the DOD, and that ban remains in place today. DHS said last
week it is taking precautions to defend the U.S. against the Stuxnet worm.
- 16 -
Source: http://liveshots.blogs.foxnews.com/2010/09/27/pentagon-silent-on-iraniannuke-virus/
43. September 26, Associated Press – (Pennsylvania) Fires force evacuation at Pa.
dorm. Police in northeastern Pennsylvania are looking for possible suspects after a
series of small fires forced the evacuation of a dormitory at East Stroudsburg
University in Stroudburg, Pennsylvania. The Pocono Record reports that police said
smoke from the four small fires set off alarms in Hawthorn Hall around 3 a.m.
September 24. About 380 students had to be evacuated while fire crews responded, but
no serious injuries were reported. One fire was set in the laundry room, and three others
were set in bathroom trash cans. A university spokesman said no suspect has been
identified, but that Pennsylvania State Police are investigating in conjunction with
university police. Students were eventually allowed to return after about an hour and a
half.
Source:
http://www.northjersey.com/news/103810124_Fires_force_evacuation___at_Pa__dorm
.html
44. September 25, Mid Columbia Tri-City Herald – (Washington) Plutonium waste
shipping deadline set. The first legal deadline for shipping plutonium-contaminated
wastes from Hanford, Washington, has been set under newly approved changes to the
Tri-Party Agreement. A package of new deadlines was tentatively agreed to this spring
by the Department of Energy (DOE) and its regulators to cover radioactive wastes that
temporarily were buried in central Hanford since 1970. On Friday DOE, the
Washington State Department of Ecology, and the Environmental Protection Agency
announced an agreement had been signed following a public comment period. In a key
change that resulted from comments, DOE will have to treat or ship transuranic waste
— at Hanford typically debris contaminated with plutonium — by sometime in 2030.
In the tentative March agreement, DOE had until 2035 to do that work. But the date
was moved up because current projections anticipate that the nation’s repository for
transuranic waste, the Waste Isolation Pilot Project in New Mexico, will stop accepting
waste in late 2030. Work would then begin to close the repository. Under the new
deadlines, DOE is required to have all but the remote-handled waste that was
temporarily buried dug up by September 30, 2016. Remote-handled waste, including
that in four caissons, would need to be dug up by the end of 2018.
Source: http://www.tri-cityherald.com/2010/09/25/1182959/plutonium-waste-shippingdeadline.html
45. September 25, Tulsa World – (Oklahoma) Bomb scare spurs Sapulpa schools
evacuation. The Tulsa Police Department’s Bomb Squad detonated a 6-inch metal pipe
September 24 after its discovery at Sapulpa Junior High School in Sapulpa, Oklahoma
forced the evacuation of that school and two others. No explosives or any other
material were found in the device, authorities said. “It was just a piece of pipe that was
covered on both ends,” said a school resource officer for the Sapulpa Police
Department. “It had the appearance of what we suspected, maybe a pipe bomb.
However, once we got the situation taken care of, nothing was inside the pipe
- 17 -
whatsoever.” The discovery of the device in the junior high’s science wing just after 9
a.m. led to the evacuation of Woodlawn Elementary School and Sapulpa’s junior high
and high schools. About 2,000 students were involved. No one has been arrested in
connection with the scare. Classes resumed at about 12:15 p.m.
Source:
http://www.tulsaworld.com/news/article.aspx?subjectid=11&articleid=20100925_12_A
15_CUTLIN792457
46. September 24, KAAL 6 Austin – (Minnesota) Fields flooded, dorm rooms evacuated
at Carleton College. Floodwaters covered some parts of the Carleton College campus
in Northfield, Minnesota September 24 after the Cannon River overshot its banks.
Water gushed on to the football field and into equipment rooms just after 7 a.m.,
sending coaches scrambling to salvage what they could. Nearby practice fields were
also flooded. The school’s new president said 30 students were evacuated from their
dorm rooms. He said he is hopeful staff will be able to ready the football field for next
week’s homecoming events.
Source: http://kaaltv.com/article/stories/S1760563.shtml?cat=10728
For more stories, see items 8 and 38
[Return to top]
Emergency Services Sector
47. September 27, Monroe News-Star – (Louisiana) Green Oaks makes hurricane
plan. Ouachita Parish’s Green Oaks Juvenile Detention has signed an agreement with
Terrebonne Parish to accept juvenile detainees in the event of a hurricane along
Louisiana’s Gulf Coast region. The agreement, which was approved earlier this week
by the Ouachita Parish Police Jury, calls for Green Oaks to accept up to 15 juveniles
from Terrebonne Parish, nearly a quarter of the facility’s existing population. During
Hurricanes Katrina and Rita in 2005, Green Oaks housed up to 22 juveniles from
Orleans Parish for nearly 2 months, even though there was no formal agreement in
place. Green Oaks is the largest juvenile detention facility in north Louisiana with
nearly 60 beds. “The city of Monroe made an agreement with Terrebonne Parish to
house their evacuees, so this agreement to hold their juvenile detainees was just a good
fit since they were headed this way,” said the director of Green Oaks.
Source: http://www.thenewsstar.com/article/20100927/NEWS01/9270312
For another story, see item 69
[Return to top]
Information Technology Sector
48. September 27, The Register – (International) Anti-piracy lawyers’ email database
leaked after hack. Hackers have uploaded a leaked database of e-mails from anti-
- 18 -
piracy law firm ACS:Law onto P2P networks and Web sites. ACS:Law was among a
handful of entertainment industry-affiliated organizations to endure denial of service
attacks by the denizens of 4Chan last week. A loose-knit collective of members of the
notorious message board also hit the Motion Picture Association of America (MPAA),
Recording Industry Association of America (RIAA), and the British Phonographic
Industry (BPI) using online attack tools, taking the MPAA and RIAA offline in the
process. Other targets of Operation: Payback is a [expletive] included solicitors
ACS:Law and Davenport Lyons. During attempts to re-establish ACS:Law’s Web site,
a compressed copy of what seems to be part of the firm’s e-mail database, contained in
site backups, was exposed online. Hackers extracted the Webmail file and made it
available via torrent trackers and posted it on some Web sites last weekend. “Their site
came back online [after the DDoS attack] – and on their front page was accidentally a
backup file of the whole Web site, including emails and passwords,” a leader of the
attacking group told TorrentFreak. Information contained in the e-mail database
reportedly includes personal details of the targets of the law firm’s threatening letters
and business correspondence with ACS:Law’s partners. The data is buried among spam
and office admin exchanges in a 350MB file. Slyck reports that the file contains around
a month of Webmails belonging to a solicitor who is head of ACS:Law.
Source: http://www.theregister.co.uk/2010/09/27/anti_piracy_lawyer_email_leak/
49. September 27, The Register – (International) Zeus botnets’ Achilles’ Heel makes
infiltration easy. A security researcher has discovered a potentially crippling
vulnerability in one of the most widely used botnet toolkits, a finding that makes it easy
for blackhats and whitehats alike to take control of huge networks of infected PCs. The
flaw in the Zeus crimeware kit makes it trivial to hijack the C&C, or command and
control, channels used to send instructions and software updates to compromised
computers that often number in the hundreds of thousands. There are in turn thousands
or tens of thousands of botnets that are spawned from Zeus, and the vast majority are
susceptible to the technique. That means the bug could make takedowns by law
enforcement and rival crime gangs significantly easier, said the researcher, who
discovered the defect and has written a simple program to exploit it. The researcher’s
script allows a user to upload and execute code of his choosing directly on the server
running the Zeus C&C. Although the Zeus architects designed their software to block
executable scripts from being downloaded, they did so using poorly written PHP code
that can easily be defeated. What’s more, a separate directory traversal flaw makes it
easy to place the malicious payload directly in the server’s root directory, ensuring the
attacker can easily find his malicious script. To run the script, an attacker first must
extract the cryptographic key an infected PC uses to communicate with the C&C.
Although the designers took pains to keep the RC4 key secret, it can easily be deduced
by reading it after it’s loaded into computer memory, or by decrypting the bot’s
configuration file.
Source: http://www.theregister.co.uk/2010/09/27/zeus_botnet_hijacking/
50. September 25, ComputerWorld – (International) Iran confirms massive Stuxnet
infection of industrial systems. Officials in Iran confirmed that the Stuxnet worm
infected at least 30,000 Windows PCs in the country, multiple Iranian news services
- 19 -
reported September 25. Experts from Iran’s Atomic Energy Organization also
reportedly met recently to discuss how to remove the malware. Stuxnet, considered by
many security researchers to be the most sophisticated malware ever, was first spotted
in mid-June by VirusBlokAda, a little-known security firm based in Belarus. A month
later Microsoft acknowledged that the worm targeted Windows PCs that managed
large-scale industrial-control systems in manufacturing and utility companies. Those
control systems, called SCADA, for “supervisory control and data acquisition,” operate
everything from power plants and factory machinery to oil pipelines and military
installations. According to researchers with U.S.-based antivirus vendor Symantec, Iran
was hardest hit by Stuxnet. Nearly 60 percent of all infected PCs in the earliest-known
infection were located in that country. Since then, experts have amassed evidence that
Stuxnet has been attacking SCADA systems since at least January 2010. Meanwhile,
others have speculated that Stuxnet was created by a state-sponsored team of
programmers, and designed to cripple Iran’s Bushehr nuclear reactor.
Source:
http://www.computerworld.com/s/article/9188018/Iran_confirms_massive_Stuxnet_inf
ection_of_industrial_systems
51. September 24, Help Net Security – (International) Bizarre tale behind conviction for
botnet initiated DDoS attack. In a curious twist of fate, a man who refused to
continue his collaboration with a group whose goal was to unmask pedophiles because
he was concerned that their methods were starting to break laws, has been found guilty
of launching a DDoS attack with a botnet he assembled by himself. The target of his
attacks were Web sites on which certain photos of him and his e-mail correspondence
with a fictitious woman named Holly were published. “Holly” was created by the
founder of the group whose members were posing as minors in chatrooms so they
could unmask pedophiles, and worked with the NBC television show called “To Catch
a Predator.” According to a Sophos blog, the programmer was targeted by the founder
of the group, who decided to get revenge by embarrassing him. So, he posed as “Holly”
and started an Internet relationship with the programmer. “Holly” asked him to leave
his wife and meet her at the airport. The programmer did, and while he waited in vain
with flowers in his hand, photos were taken by a hired photographer. The group
founder then posted the photos and the e-mails on a Web site, and the story got picked
up by Radar Magazine and Rolling Stone. Wanting to remove any trace of it from the
Internet, the suspected programmer wrote a computer virus that ensnared some 100,000
computers around the world into a botnet under his command, and started bombarding
sites that had published the story with a huge amount of bogus requests that made them
crash.
Source: http://www.net-security.org/secworld.php?id=9911
52. September 24, TrendLabs Malware Blog – (International) New Azvhan bot family
revealed. A new bot family was found in the wild around April 2010 was recently
revealed. The family was named “Avzhan.” Avzhan malware, detected by Trend Micro
as Mal_Scar-1, mostly affected Asia where most of the affected users resided. Avzhan
bots install themselves onto the Windows system directory using the file name {six
random lower-case letters}.exe. After installation, it deletes its original copy then
- 20 -
executes the copy it installed. The domains it tries to connect to are registered on a
well-known China-based dynamic DNS service. The IP addresses also lead to ISPs in
China. As is typical of botnet zombies, Mal_Scar-1 can execute various commands
received from its command-and-control (C&C) servers, including downloading and
executing potentially malicious files. This also allows complete takeover of users’
systems. In addition, it also steals certain information about users’ systems. This stolen
information is part of the data sent back to the botnet’s servers, which includes the
following: computer name, CPU speed, language used, memory size, and windows
version.
Source: http://blog.trendmicro.com/new-azvhan-bot-family-revealed/
For another story, see item 42
Internet Alert Dashboard
To report cyber infrastructure incidents or to request information, please contact US-CERT at sos@us-cert.gov or
visit their Web site: http://www.us-cert.gov
Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and
Analysis Center) Web site: https://www.it-isac.org
[Return to top]
Communications Sector
53. September 27, New York Times – (National) U.S. wants to make it easier to wiretap
the Internet. Federal law enforcement and national security officials are preparing to
seek sweeping new regulations for the Internet, arguing that their ability to wiretap
criminal and terrorism suspects is “going dark” as people increasingly communicate
online instead of by telephone. Essentially, officials want Congress to require all
services that enable communications — including encrypted e-mail transmitters like
BlackBerry, social networking Web sites like Facebook and software that allows direct
“peer to peer” messaging like Skype — to be technically capable of complying if
served with a wiretap order. The mandate would include being able to intercept and
unscramble encrypted messages. The bill, which the U.S. President’s administration
plans to submit to lawmakers in 2011, raises fresh questions about how to balance
security needs with protecting privacy and fostering innovation. And because security
services around the world face the same problem, it could set an example that is copied
globally.
Source: http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1
54. September 27, Long Island Press and Associated Press – (New York) No explosives
found after Cablevision offices evacuated for bomb threat. Police in Nassau
County, New York, said no explosive device was found following an evacuation
September 26 at a Syosset building that houses Cablevision Systems Corp. offices. A
bomb threat led authorities to clear out the building off the Jericho Turnpike at about
6:30 p.m. Police could not immediately say how many people were in the building at
- 21 -
the time of the threat. Police are trying to determine who made a threatening call to the
company. A Cablevision spokeswoman said the company is cooperating with
authorities.
Source: http://www.longislandpress.com/2010/09/27/no-explosives-found-aftercabelvision-offices-evacuated-for-bomb-threat/
55. September 24, IDG News Service – (Pennsylvania; National) Comcast hackers get 18
months in prison. Two hackers convicted of defacing Comcast’s Web site 2 years ago
were sentenced September 24 to 18 months in prison. The 20- and 28-year-old suspects
were part of a telephone hacking group called Kryogeniks that took control of the
Comcast.net Web site in May 2008. After taking over an account used to manage
Comcast’s Domain Name System information, they redirected visitors to their own
Web site for several hours. Comcast.net drew about 5 million visitors per day at the
time. During the incident, visitors who went to the site were greeted with the message
“KRYOGENICS Defiant and EBK RoXed Comcast. sHouTz to VIRUS Warlock
elul21 coll1er seven.” The two men were sentenced September 24 and must also pay
almost $90,000 in restitution to Comcast. A third hacker was sentenced last month to 4
months in prison.
Source:
http://www.computerworld.com/s/article/9187978/Comcast_hackers_get_18_months_i
n_prison
56. September 24, The Register – (National; International) VoIP hacker sentenced to 10
years. A Venezuelan citizen was sentenced to 10 years in U.S. federal prison
September 24 for hacking into the networks of telecommunications companies and then
routing millions of minutes of voice over IP calls over their systems. The 27-year-old
admitted in February that he pocketed more than $1m in the scam, in which he posed as
a legitimate reseller of long-distance calling services. By scanning networks of AT&T
and other companies, he was able to identify unprotected ports through which he could
transmit more than 10 million minutes of unauthorized calls. The suspect, who spent
much of his time in Miami, Florida was described as the mastermind behind the
operation. For technical help in identifying vulnerable networks, he turned to a
Spokane, Washington hacker. He was previously sentenced to 2 years in prison for his
role, which included performing more than 6 million scans on AT&T’s network alone
over a 5-month span in 2005.
Source: http://www.theregister.co.uk/2010/09/24/voip_hacker_sentenced/
57. September 24, Mobiledia – (Washington) T-Mobile claims right to block texts. TMobile September 24 asked a federal court to throw out a lawsuit on censorship,
arguing that it has the right to block text messages, which are not subject to the same
regulations as voice services. The Bellevue, Washington-based carrier, which is being
sued by EZ Texting for blocking its campaign for legal medical marijuana dispensaries,
argued that while the Federal Communications Commission (FCC) does not allow
carriers to block specific calls under the “common carriers” provision, text messages
are exempt from that law. T-Mobile claims text messages, which are considered
“information services,” are not under the FCC’s authority and can be blocked to
- 22 -
“protect the carriers’ customers, businesses and brands from offensive, abusive,
fraudulent or illegal information services.” The carrier added that it withdrew EZ
Texting’s short codes because the marketing firm was supposed to get prior approval
for all campaigns run over its network, as specified in its agreement.
Source: http://www.mobiledia.com/news/74528.html
58. September 24, FierceWireless – (National) FCC approves unlicensed white space
use. The Federal Communications Commission (FCC), in a long-awaited move,
approved the use of unlicensed white space spectrum, clearing the way for new classes
of devices that take advantage of what has been dubbed “super WiFi.” The FCC voted
5-0 to approve the plan, nearly 2 years after the agency first approved the use of white
space spectrum — the tiny slivers of spectrum between TV broadcast stations. The
2008 order was delayed by lawsuits from broadcasters, church groups and a famous
singer, all of whom argued such use of the spectrum could interfere with TV stations
and wireless microphones. With the new vote, the FCC handed a victory to Google,
Microsoft, Dell, Motorola and other companies that have been pushing for the spectrum
to be unleashed. The FCC chairman said the vote will provide “unique opportunities for
innovators and entrepreneurs.”
Source: http://www.fiercewireless.com/story/fcc-approves-unlicensed-white-spaceuse/2010-09-24
59. September 24, Los Angeles Times – (National) Researchers calculate the death toll
from texting while driving. According to researchers from the University of North
Texas Health Science Center in Ft. Worth, texting behind the wheel accounted for
16,141 deaths between 2002 and 2007. The researchers arrived at that figure by
analyzing nationwide traffic data from the Fatality Accident Reporting System and
texting records from the Federal Communications Commission and CTIA, the wireless
telecom industry group. Crunching the numbers, they calculated that if text messaging
had never been invented, there would have been 1,925 traffic fatalities per year due to
distracted driving beween 2002 and 2007. But they rose from 4,611 in 2001 to 5,988 in
2007. Some other factoids from the study: The percentage of all traffic deaths caused
by distracted driving rose from 11 percent in 1999 to 16 percent in 2008; Only onethird of Americans had a cellphone in 1999. By 2008, 91 percent did; The average
monthly volume of text messages was 1 million in 2002. By 2008, it was 110 million.
The study was published online September 23 by the American Journal of Public
Health.
Source: http://www.latimes.com/health/boostershots/la-heb-distracted-driving20100924,0,3103350.story
60. September 24, Salt Lake Tribune – (Utah; Colorado) Utah Internet users suffer
outage. A Qwest Internet outage in Utah and Colorado crippled some businesses for
more than 3 hours September 24, including The Salt Lake Tribune and its Web site. A
Qwest spokesman said about 80 businesses in Salt Lake City were affected by the
outage to “varying degrees.” Some businesses also were affected in parts of Colorado.
“It ranged from slowdowns to outages,” he said. The outage occurred about 1 p.m.
when a Qwest computer card failed. The Internet connections to the businesses were
- 23 -
restored about 4:10 p.m. when the equipment was replaced. He did not know at which
Qwest location the equipment failure took place. Some information- technology
officials whose businesses suffered the outage were told by Qwest technical support
representatives that the problem apparently involved the failure of an IP switch, which
acts as a gateway directing data traffic to different customers.
Source: http://www.sltrib.com/sltrib/home/50349837-76/outage-businesses-qwestaffected.html.csp
61. September 24, CacheValleyDaily.com – (Idaho) Backhoe causes broadcast power
outage. A backhoe cutting through a power line on Mount Pisgah in Idaho was
apparently the cause of an outage that was affecting some radio and television reception
September 24. The splice has affected the broadcasts of HD-TV translators and some
FM radio signals, including KVNU’s FM broadcast at 102.1. The outage may also have
affected some cell phone carriers. Estimated repair time was 6 to 8 hours, which could
mean service might not be restored until late September 24 or early September 25.
Source: http://www.cachevalleydaily.com/news/local/Backhoe-causes-broadcastpower-outage-103755879.html
For more stories, see items 15 and 20
[Return to top]
Commercial Facilities Sector
62. September 27, WHIO 1290 AM Dayton – (Ohio) Propane tank explosion burns man
at CultureFest. A Norwood, Ohio man was in good condition late September 26 at
Miami Valley Hospital a day after he sustained serious burns from a propane tank
explosion during this past weekend’s CultureFest in Springfield, Ohio. A second man, a
Springfield city maintenance employee, was taken to Springfield Regional Medical
Center for burns he sustained in the accident. His condition was not available
September 26. The explosion happened while the two men were trying to fix a leak in a
240-pound propane tank that was part of a food booth at the CultureFest celebration at
City Hall Plaza. During the fix, the tank caught fire and ignited in a fireball that shot
about 15 feet into the air. The explosion severely burnt both men and the fire spread to
another tank. Firefighters responded around 7 p.m. to extinguish two burning 240pound tanks.
Source: http://newstalkradiowhio.com/localnews/2010/09/propane-tank-explosionburns-m.html
63. September 26, Quincy Patriot Ledger – (Massachusetts) Six rescued from elevators in
South Shore Plaza power failure. South Shore Plaza in Braintree, Massachusetts was
crowded with shoppers on a hot, humid afternoon September 25 when the lights went
out and the elevators stopped. A power failure had just taken place throughout the
entire mall. A police officer reported the most likely cause was probably a large water
main break inside one of the stores, Debbie’s Pet Land. “There was a lot of water and it
got into the electrical system and probably shorted it out,” he said. Fire officials arrived
- 24 -
shortly after 2 p.m. and hurried around the plaza to check the elevators inside the
stores, including a large number of freight elevators. They freed a family of four with
two small children from one elevator; as well as a teenage youth from Stoughton from
another, and an employee at the Apple store from a freight elevator there. The Braintree
Electric Light Department was also on the scene. Officials had to wait until the water
drained out of the system to restore power. Lights came back on at 3 p.m. in one part of
the mall and at 3:30 p.m. in another section. One teenager was trapped in an elevator
for about 1 hour.
Source: http://www.patriotledger.com/news/cops_and_courts/x1936768836/Poweroutage-at-South-Shoer-Plaza-in-Braintree
64. September 25, Associated Press – (North Carolina) Explosion closes N.C. mall; no
injuries reported. Officials said an explosion in the basement of a Raleigh, North
Carolina, mall led to the temporary closure of the shopping center, but no injuries were
reported. The explosion September 24 blew the top off an electrical box, cutting power
to mall stores. Three shoppers were trapped in an elevator for about 45 minutes until
power was restored. The cause of the explosion had not been determined. Business
returned to normal within a few hours.
Source: http://www.wral.com/news/state/story/8349235/
65. September 24, Crossville Chronicle – (Tennessee) Church evacuated after bomb
threat. Emergency personnel evacuated approximately 30 staff members for a half
hour at the First United Methodist Church on Webb Ave. and Braun St. in Crossville,
Tennesse, September 22 after a bomb threat was phoned into the church. A staff
member of the church, said she answered the phone and a voice said, “There’s a bomb
in the building. You have 30 minutes.” She said, “I called 911 and then pulled the fire
alarm to evacuate.” The Crossville assistant fire chief and a Crossville plice patrolman,
along with Cumberland County EMS, responded to the scene. After investigating the
church grounds, they said there was no evidence of anything suspicious and no
deliveries had been made to the church. “We’re going to wait the 30 minutes and they
have the option of re-entering the building if they want,” the assistant fire chief said.
The voice over the telephone was disguised with a voice modulator. After 30 minutes
staff returned to the building. There were no injuries involved with the evacuation and
there were no children in the church at the time of the threat.
Source: http://crossville-chronicle.com/local/x1535826970/Church-evacuated-afterbomb-threat
[Return to top]
National Monuments and Icons Sector
66. September 26, KUSA 9 Denver – (Colorado) Fire burning in Routt National
Forest. A small wildfire was burning late September 26 in the Routt National Forest in
Colorado, about 18 miles north of Steamboat. U.S. Forest Service officials said the call
came in at 1:30 p.m. September 26. So far, eight acres have burned. Officials said there
is one crew working the fire, with one engine and a helicopter dropping water on the
- 25 -
fire. No structures are threatened at this time.
Source: http://www.9news.com/news/local/article.aspx?storyid=155102&catid=346
67. September 23, KNBC 4 Los Angeles – (California) Fire scorches brush in Cleveland
National Forest. A fire driven by dry brush in eastern Orange County, California,
threatened some remote campground structures September 23 in the Cleveland
National Forest. As of 4:15 p.m. September 23, the fire had burned at least 25 acres, the
Orange County Register reported. No homes were in danger, but a few structures at the
Los Pinos Conservation Camp were threatened. The fire broke out around noon in the
Long Canyon area of the national forest, west of the Ortega (74) Highway and near the
Riverside County line, a spokesman for the Cleveland National Forest said. At least one
law-enforcement officer at the scene suffered an unknown type of heat-related injury.
The extent of the injury was not immediately known. The fire was being driven by fuel
and topography.
Source: http://www.nbclosangeles.com/news/local-beat/Fire-Scorches-Brush-inCleveland-National-Forest-103659199.html
[Return to top]
Dams Sector
68. September 27, CNN – (Wisconsin) Levee along Wisconsin River fails; extent of
possible flooding unkown. As many as 100 homes could be affected by flood waters
in Wisconsin due to the failure of a 120-year-old sand levee along the Wisconsin River.
The levee, near the city of Portage in Columbia County, began to give way the night of
September 26, according to the National Weather Service’s Milwaukee/Sullivan office.
A representative of the Columbia County Emergency Operations Center, confirmed to
CNN the morning of September 27 that the levee had in fact failed. “Once the levee
completely fails ... it is unknown how far south the flood waters of the Wisconsin River
will travel,” the weather agency said Sunday night. The levee is located on the south
side of the Wisconsin River, just south of Portage. The weather agency urged residents
to move to higher ground. Roadways, including parts of Interstate 39, could close.
Authorities in Portage worked September 26 to evacuate residents as the levee
approached imminent failure after heavy rainfall soaked the Midwest last week. An
alert sent out by Columbia County Emergency Management September 26 urged
residents near Blackhawk Park to evacuate immediately ahead of the flooding, which is
expected to wash out a main road leading to about 150 residences. “Emergency
vehicles including police, fire and EMS will not be able to reach residents,” the
statement said. The deputy director of the county’s emergency management
department, said September 26 it was unclear how many residents remained in the area.
A Red Cross shelter was opened at a nearby church to accommodate displaced
residents. The river at Portage is expected to stay above flood stage — 17 feet —
through September 29. Portage will not be considered to be out of danger until the river
has dropped below flood levels. The levee system, built in the 1890s, was constructed
from locally available materials — mostly sand — “without any engineering design or
adherence to any standards,” the Natural Resources department said in a statement last
- 26 -
week.
Source: http://www.cnn.com/2010/US/09/27/wisconsin.flooding/index.html?hpt=T1
69. September 26, Catskill Daily Mail – (New York) Emergency services complete
Sleepy Hollow dam failure exercise. A dam failure exercise was held September 25 at
the Sleepy Hollow dam in the village and town of Athens, New York. The Athens Fire
Department orchestrated the event, with numerous other agencies assisting in the
mitigation drill. The New York State Emergency Management Office (SEMO) was on
hand to oversee the operation for which the agencies have been coordinating “tabletop”
exercises for several years. A tabletop is essentially a brainstorming and strategy
session with multiple agency leaders to develop an emergency action plan. “Everything
went very well,” said the Athens Fire Department chief. He said this was the first mock
dam failure evacuation exercise in Sleepy Hollow Lake’s history. The neighborhood
features about 350 homes that use the lake for household water. If the dam were to fail,
its waters would flood a zone from Union Street to Brick Row in the village on its way
into the Hudson River. SEMO, which works under the umbrella of DHS, cooperated
with the Athens Fire Department, the state office of fire prevention and control, Greene
County Emergency Services, the Sleepy Hollow Public Safety team and surrounding
agencies. Other agencies that assisted included West Athens-Limestreet Fire
Department, Coxsackie Hose Company No. 3, Catskill Fire Department, Catskill
Ambulance and the American Red Cross.
Source:
http://www.thedailymail.net/articles/2010/09/26/news/doc4c9ea89b6a92b679942092.tx
t
70. September 25, Associated Press – (Iowa) Divers repair washout under Iowa
dam. Divers have been called in to repair a washout on a dam in Anamosa, Iowa,
caused by flooding on the Wapsipinicon River in 2008. The dam, which generates
electricity for Alliant Energy, is owned by North American Hydro of Neshkoro,
Wisconsin. “It needs to be fixed. If left untended, the dam would have eventually
washed out,” said the operator of the dam for North American Hydro. He said that if it
had failed, the results would not have been catastrophic. The Anamosa dam is much
lower and holds back less water than the dam at Lake Delhi, which washed out in July,
draining a 9-mile-long lake. Concrete is piped under water to the divers, who pump it
into large cloth bags to build concrete blocks. The blocks will be pinned to the bedrock
and to each other with iron and then covered in concrete.
Source: http://www.chicagotribune.com/news/chi-ap-ia-anamosadam,0,7795347.story
71. September 25, Associated Press – (New Hampshire) Troublesome dam to be taken
out. A breached dam that has been blamed for flooding for years in one area town is
getting a fix. Selectmen in Hampstead, New Hampshire voted September 22 to have the
town pay to clear the dam near Route 111, which is on private property but has become
such a public nuisance that town officials figure it would cost more for them not to
address it.
Source: http://www.concordmonitor.com/article/217778/troublesome-dam-to-be-takenout
- 27 -
72. September 24, Red Wing Republican Eagle – (Minnesota) High waters trip flood
gates at Byllesby Dam. Some of Byllesby Dam’s trip gates opened due to high waters
during the previous night, the Cannon Falls, Minnesota, Police Department reported the
morning of September 24. Dam operators advised city officials that the gates worked as
designed. Following safety procedures, the city opened its incident command system
and officials were planning on meeting throughout the day to monitor the situation.
Sandbagging was being done at a limited number of residences as a precautionary
measure. No evacuation of residences is occurring, police said.
Source: http://www.republican-eagle.com/event/article/id/69174/group/homepage/
[Return to top]
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily
Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:
http://www.dhs.gov/iaipdailyreport
Contact Information
Content and Suggestions:
Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at 703-872-2267
Subscribe to the Distribution List:
Visit the DHS Daily Open Source Infrastructure Report and follow
instructions to Get e-mail updates when this information changes.
Removal from Distribution List:
Send mail to support@govdelivery.com.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at nicc@dhs.gov or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit
their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source
material.
- 28 -