Homeland Security Daily Open Source Infrastructure Report for 21 September 2010

advertisement
Homeland
Security
Current Nationwide
Threat Level
ELEVATED
Daily Open Source Infrastructure
Report for 21 September 2010
Significant Risk of Terrorist Attacks
For information, click here:
http://www.dhs.gov
Top Stories

According to the U.S. Department of Justice, a scientist and his wife, who both previously
worked as contractors at the Los Alamos National Laboratory in New Mexico, have been
indicted on charges of communicating classified nuclear weapons data to a person they
believed to be a Venezuelan government official, and conspiring to participate in the
development of an atomic weapon for Venezuela. (See item 12)

National Public Radio reports that cooler temperatures and calmer and shifting winds have
diminished the wildfire threat to 1,600 homes in Herriman, Utah. Several neighborhoods
were evacuated September 19 after a wildfire erupted shortly after noon near a machinegun training range at Camp Williams, a vast military reservation used by the Army
National Guard located about 30 miles south of Salt Lake City. (See item 38)
Fast Jump Menu
PRODUCTION INDUSTRIES
• Energy
• Chemical
• Nuclear Reactors, Materials and Waste
• Critical Manufacturing
• Defense Industrial Base
• Dams
SUSTENANCE and HEALTH
• Agriculture and Food
• Water
• Public Health and Healthcare
SERVICE INDUSTRIES
• Banking and Finance
• Transportation
• Postal and Shipping
• Information Technology
• Communications
• Commercial Facilities
FEDERAL and STATE
• Government Facilities
• Emergency Services
• National Monuments and Icons
Energy Sector
Current Electricity Sector Threat Alert Levels: Physical: ELEVATED,
Cyber: ELEVATED
Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES-ISAC) [http://www.esisac.com]
-1-
1. September 20, KVVU 5 Las Vegas – (Nevada) Explosion rocks gas station, hurts
businesses. An explosion at a gas station in North Las Vegas, Nevada, over the
weekend not only means the station is a total loss, it’s hurting nearby businesses, too.
The explosion created a huge fireball at the gas station near Craig Road and Interstate
15 late September 18 or early September 19. No one was hurt in the explosion, but it
did tear the roof off the building and send the front door flying about 100 feet in the air,
fire officials said. The JCW Petroleum Mini Mart had recently closed to business. But
two employees working at a restaurant next door were present when the gas station
blew up. “They actually felt the boom,” the owner of Viva Zapatas said. “They went
out to the front of the restaurant and they were looking out the windows, and that’s
when they saw a lot of fireballs shooting out of the building next door.” The fire started
in the building and the gas pumps weren’t involved, firefighters said. The gas station
was a total loss, suffering $100,000 worth of damage.
Source: http://www.fox5vegas.com/news/25081189/detail.html
2. September 19, Los Angeles Times and Associated Press – (Louisiana) Blown-out BP
well finally killed at bottom of Gulf of Mexico. The BP oil well in the Gulf of
Mexico — source of the largest offshore oil spill in U.S. history — has been
permanently killed, a top federal official announced September 19. The federal spill
response chief said pressure tests confirmed that BP’s effort to intersect the well 50
miles off of the coast of Louisiana and plug it with cement nearly 18,000 feet below the
ocean surface had proved successful. “With this development, which has been
confirmed by the Department of the Interior’s Bureau of Ocean Energy Management,
we can finally announce that the Macondo 252 well is effectively dead,” the federal
spill response chief said in a statement. “Additional regulatory steps will be undertaken,
but we can now state, definitively, that the Macondo well poses no continuing threat to
the Gulf of Mexico.”
Source: http://latimesblogs.latimes.com/greenspace/2010/09/blown-out-bp-well-finallykilled-at-bottom-of-gulf-of-mexico.html
3. September 18, Farmington Daily Times – (New Mexico) San Juan County
authorities practice mock disasters. New Mexico area law enforcement agencies
responded to a mock explosion on a pipeline on County Road 4990, and a mock mass
shooting at ConocoPhillips on U.S. 64 September 18 during an emergency training
event intended to practice for real disasters. The annual training event, hosted by an oil
and natural gas company and authorities throughout San Juan County, allows officials
from police, firefighters, paramedics and the New Mexico National Guard the
opportunity to practice working together, the San Juan County emergency manager
said. The purpose is to not only determine areas that need improvement, but also to
practice in the event a local, domestic terrorist attack occurred, he said.
Source: http://www.daily-times.com/ci_16115450
4. September 18, Intelligencer and Wheeling News Register – (West Virginia) Gas well
training begins for responders. With new gas wells being drilled throughout the
United States at an increasing rate, the chances of an emergency situation is also
increasing. Following the gas well explosion on Beam’s Lane in Moundsville, West
-2-
Virginia in June, and a second incident off U.S. 250 near Cameron, West Virginia in
July that required the evacuation of residents near the well, the Marshall County
emergency management director saw the immediate need for training of first
responders. As a result, the first in a series of gas well emergency training classes took
place September 18 at the Limestone Volunteer Fire Department. Some 44 participants,
including representatives of all the Marshall County volunteer fire departments, search
and rescue teams, emergency management and industry personnel attended.
Source: http://www.news-register.net/page/content.detail/id/541942.html?nav=515
5. September 17, Beckley Register-Herald – (West Virginia) Man suffers burns after
alleged copper theft attempt. A man suffered serious burns September 16 behind the
locked gate of an Appalachian Power Co. substation in Raleigh County, West Virginia
officials said. Firefighters said they found a man on his knees inside the substation on
Pemberton Road in Coal City with copper surrounding him. When asked if the man
was attempting to steal copper, the Coal City fire chief said, “If I had to take an
educated guess, I would say yes. He was behind a locked gate with tools suggesting
that is what he was doing.” Coal City VFD safety officer, the first firefighter to arrive
at the scene shortly after 2 p.m., said the man had third-degree burns from the waist up
and a hole in his left leg where it is believed the electrical current exited his body. The
man was in critical condition. As a result of the incident, more than 600 APCO
customers lost power. As of 8 p.m. September 16, power had been restored to more
than 430 customers, with the remaining outages expected to be restored later that night.
Source: http://www.register-herald.com/todaysfrontpage/x721418749/Man-suffersburns-after-alleged-copper-theft-attempt
[Return to top]
Chemical Industry Sector
6. September 17, TheMonitor.com – (Texas) Demolition workers spark Donna
chemical fire. Demolition workers accidentally started a fire at an old chemical
manufacturing plant in Donna, Texas, September 17. The facility is used to
manufacture napthalene, a chemical used for dry cleaning solutions, a Mid-Valley
emergency coordinator said. The workers, contracted by the City of Donna, were
demolishing the building when the chemicals inside caught fire. “Fortunately there was
no explosion,” he said. “It was a highly voliatile chemical. The Donna Fire Department
was able to put it out very quickly using foam.” Officials feared the foam and water
used to extinguish the fire would mix with floodwaters and cause further flooding. A
company was hired to clean up the portion of the facility that was damaged and
contaminated by the fire. That company was able to contain the water before it posed a
problem for the city. The emergency coordinator expected the clean-up to be finished
by September 18 or 19 if heavy rain does not deter the efforts. The Texas Commission
on Environmental Quality was called in to handle the investigation.
Source: http://www.themonitor.com/articles/workers-42863-chemical-demolition.html
For another story, see item 27
-3-
[Return to top]
Nuclear Reactors, Materials and Waste Sector
7. September 20, Patriot News – (Pennsylvania) TMI shuts down because of generator
problem. Three Mile Island Unit 1 in Londonderry Township, Pennsylvania went off
line at 11:25 p.m. September 20 when the plant’s turbine generator shut down, a
spokesman for plant owner Exelon reported. Plant technical experts are working to
determine the cause, he said. When the plant shut down, steam was released that people
nearby may have heard, the spokesman said, but there was no health threat. Electricity
customers are not affected by the plant being offline, he said.
Source:
http://www.pennlive.com/midstate/index.ssf/2010/09/tmi_shuts_down_because_of_gen
e.html
8. September 19, Poughkeepsie Journal – (New York) Concerns remain after nuke
plant shutdown. With both reactors shut down at Indian Point in the same week that
the federal government tested emergency evacuation plans, safety issues at the nuclear
plant in Buchanan, New York dominated regional news reports. The plant is back at
full power and the September 17 report card on disaster preparedness came back with a
passing grade — but concerns linger. “You’re not talking about a toy factory, this is a
nuclear plant,” said a Yorktown Heights resident. “I know they do some good things,
and obviously we need the power. But if you have a problem with a nuclear plant, the
potential risk is astronomical.” That seems to be the issue that won’t go away — the
question of how bad things could get if there were a real emergency at the site.
Officials from plant owner Entergy Nuclear point to the industry’s safety record versus
coal mining, natural gas, petroleum and other forms of electricity generation.
Source:
http://www.poughkeepsiejournal.com/article/20100919/NEWS01/9190375/Concernsremain-after-nuke-plant-shutdown
[Return to top]
Critical Manufacturing Sector
9. September 18, WVLT 8 Knoxville – (Tennessee) Inspectors search for cause of Alcoa
plant fire. It took fire crews nearly 2 hours to fully put out a fire at the Alcoa plant in
Blount County, Tennessee. Officials with the company said that the fire originated in
the “Hot Mill” area of the North Plant just before 1:30 p.m. September 18. All workers
were evacuated safely. Flames from the blaze quickly spread to the rafters. At least six
units from the City of Alcoa and Blount County Fire Departments were dispatched to
the plant around 1:45 p.m. They arrived minutes later, at which point smoke could be
seen coming from the facility for several miles. The fire and hot spots were
extinguished just before 4 p.m. Company inspectors almost immediately went to work
trying to determine the cause of the fire and how much damage it caused to the facility.
-4-
The North Plant is officially known as the Rigid Packaging Plant and is used to produce
aluminum for beverage cans. Alcoa is the world’s third largest producer of aluminum,
and its products are used worldwide in aircraft, automobiles, oil and gas, building and
construction, and industrial applications.
Source: http://www.volunteertv.com/news/headlines/103204294.html
10. September 17, WTHR 13 Indianapolis – (Indiana) Allison transmission plant
evacuated. The Allison Transmission plant in Indianapolis, Indiana was evacuated
September 17 due to a fire. The fire and subsequent power outage caused a wastewater
containment system to release wastewater, which contains some lubricating oils and
coolant, onto the parking areas at the plant. The fire was caused by a broken water pipe,
which sprayed onto a 4100-volt power supply. The resulting power outage caused the
wastewater containment system to stop working, resulting in a release of wastewater
onto the plant’s parking areas. The fire department said the spill containment
procedures put in place by Allison have contained the wastewater on property and as a
result, no ecological damage is expected from this incident. No injuries were reported
due to the fire or release. The wastewater contains cooling tower water and process
water used within the plant. It is mostly water, with some lubricating oils and coolants
mixed in. Allison’s Transmission is currently working with the fire department and
Marion County Health to prevent any further damage or incidents.
Source: http://www.wthr.com/story/13172874/allison-transmission-plantevacuated?redirected=true
[Return to top]
Defense Industrial Base Sector
11. September 19, Huntsville Times – (National) Huntsville company putting digital
‘backbone’ in Army armored vehicles. A Huntsville, Alabama company is helping
put some badly needed “digital backbone” into the Mine Resistant Ambush Protected
(MRAP) ground vehicle essential to troops in Afghanistan, Iraq and elsewhere. MRAPs
were hurriedly developed by different manufacturers to replace the lighter Humveetype vehicles that were more vulnerable to improvised explosive devices and other
weapons. Since the MRAPs were fielded quickly to protect troops, little provision was
made for C4ISR electronics — Command, Control, Communications and Computer,
Intelligence, Surveillance and Reconnaissance. The Army needed a “digital backbone”
kit that could handle all the high-tech gear and be quickly installed in the theater of
operations. Six companies produce the components for the digital backbone kit, which
includes “smart” flat-panel displays from General Dynamics of Canada and a
sophisticated video and data-distribution hub, called OmniScape, made by DRS Test
and Energy Management in Huntsville.
Source: http://blog.al.com/huntsville-times-business/2010/09/post_14.html
12. September 17, U.S. Department of Justice – (New Mexico) Former workers at Los
Alamos charged with transmitting classified nuclear weapons data. The Justice
Department (DOJ) September 17 announced that a scientist and his wife, who both
-5-
previously worked as contractors at the Los Alamos National Laboratory (LANL) in
New Mexico, have been indicted on charges of communicating classified nuclear
weapons data to a person they believed to be a Venezuelan government official, and
conspiring to participate in the development of an atomic weapon for Venezuela,
among other violations. Both defendants were arrested by FBI agents September 17. If
convicted of all the charges in the indictment, the defendants face a potential sentence
of life in prison. The indictment does not allege that the government of Venezuela or
anyone acting on its behalf sought or was passed any classified information, nor does it
charge any Venezuelan government officials or anyone acting on their behalf with
wrongdoing. Further, the indictment does not charge any individuals currently working
at LANL with wrongdoing. According to the indictment, one of the defendants had a
series of conversations in March 2008 with an undercover FBI agent posing as a
Venezuelan government official. During these conversations, he discussed his program
for developing nuclear weapons for Venezuela. Among other things, the suspect
allegedly said he could help Venezuela develop a nuclear bomb within 10 years and
that, under his program, Venezuela would use a secret, underground nuclear reactor to
produce and enrich plutonium, and an open, above-ground reactor to produce nuclear
energy.
Source: http://www.justice.gov/opa/pr/2010/September/10-nsd-1044.html
13. September 17, WSMV 4 Nashville – (Tennessee) Flare plant to partially reopen after
explosion. A manufacturing facility that makes flares for the U.S. military is set to
partially reopen September 20 after three workers were severely burned in an explosion
there. The Jackson Sun reports Kilgore Flares in Toone, Tennesee will resume
operations in sections of the plant that don’t use processes that may have caused the
September 14 fire. Three employees were burned on at least half their bodies. They
were still hospitalized in Memphis. Kilgore officials said the three put together
magnesium- and Teflon-coated parts, caps and other pieces for countermeasure decoy
flares used to protect Air Force F16s from heat-seeking missiles.
Source: http://www.wsmv.com/news/25054629/detail.html
[Return to top]
Banking and Finance Sector
14. September 20, LoanSafe.org – (New Jersey) Former Chase employee charged in $1.8
Million bank fraud scheme. An indictment was unsealed September 20 against a
suspect accused of charging a multi-year bank fraud scheme that netted him over $1.8
million between the summer of 2005 and the summer of 2009, an U.S. attorney
announced. The suspect was also charged with engaging in transactions over $10,000
with the proceeds of the fraud. The 22-count indictment charges that the suspect, while
an employee of JPMorgan Chase Services, manipulated the firm’s internal books and
records and caused the bank to wire transfer to his account, to accounts of his family,
and to accounts in which his life partner had right, title, interest or control. The
indictment claims that among the wire transfers of funds was one in 2005 for over
$499,500, one in 2008 for $583,444.99, and one in 2009 for another $583,444.99. If
-6-
convicted, he faces a statutory maximum possible sentence of 240 years in prison, a
fine of $6.25 million, $2,200 in special assessments, and up to 5 years’ supervised
release.
Source: http://www.loansafe.org/former-chase-employee-charged-in-1-8-million-bankfraud-scheme
15. September 19, WLS 7 Chicago – (Illinois) Hundreds fall victim to ID theft
scam. More victims have come forward regarding a case of debit card fraud in
Wheeling, Illinois. Hundreds of people lost thousands of dollars, and Chicago police
were offering up tips to help protect against scam artists. The story is the same in all the
cases: residents used their debit cards at a local business and then noticed large ATM
withdrawals from their bank accounts. Consumers in Wheeling and Buffalo Grove
were targeted. Police said they are not sure who is responsible for the illegal activity
but said all the victims used their debit cards at a local business. Batavia-based national
grocery store chain Aldi issued a statement September 17 acknowledging they were
recently notified that the security of a limited number of debit card terminals at some
stores may have been compromised, and they have removed terminals that may have
been affected. The FBI is investigating.
Source: http://abclocal.go.com/wls/story?section=news/local&id=7676756
16. September 18, Bank Info Security – (National) 6 Banks closed on Sept. 17. Federal and
state banking regulators closed six banks September 17. These failures raise the total
number of failed institutions to 140 so far in 2010. ISN Bank, Cherry Hill, New Jersey,
was closed by the New Jersey Department of Banking and Insurance, which appointed
the Federal Deposit Insurance Corp. (FDIC) as receiver. The FDIC entered into a
purchase and assumption agreement with New Century Bank (d.b.a., Customers Bank),
Phoenixville, Pennsylvania, to assume all ISN deposits. The cost to the Depositors
Insurance Fund (DIF) is estimated to be $23.9 million. The Bank of Ellijay, Ellijay,
First Commerce Community Bank, Douglasville, and The Peoples Bank, Winder, were
closed by the Georgia Department of Banking and Finance, which appointed FDIC as
receiver. Community & Southern Bank, Carrollton, Georgia, acquired the banking
operations of all three banks, including all deposits. The FDIC estimates the cost to DIF
for Bank of Ellijay will be $55.2 million; for First Commerce Community Bank, $71.4
million; and for The Peoples Bank, $98.9 million. Bramble Savings Bank, Milford,
Ohio, was closed by the Ohio Division of Financial Institutions, which appointed the
FDIC as receiver. The FDIC entered into a purchase and assumption agreement with
Foundation Bank, Cincinnati, to assume all deposits. The cost to DIF is estimated to be
$14.6 million. Maritime Savings Bank, West Allis, Wisconsin, was closed by Office of
Thrift Supervision, which appointed FDIC as receiver. The FDIC entered into a
purchase and assumption agreement with North Shore Bank, FSB, Brookfield,
Wisconsin, to assume all Maritime deposits. The cost to the DIF is estimated to be
$83.6 million.
Source: http://www.bankinfosecurity.com/articles.php?art_id=2932
17. September 18, San Francisco Appeal – (California) Man sentenced in $1.3 million
bank fraud scam. One man was sentenced to prison September 15 for participating in
-7-
a scheme with three others that defrauded banks of more than $1.3 million, according
to the U.S. Justice Department. The 46-year-old, was ordered to serve 45 months in
prison for depositing fraudulent checks from a credit line into bank accounts and then
rapidly withdrawing the money from ATMs, a U.S. attorney said in a statement. All
four defendants made plea agreements admitting to depositing the phony checks,
making withdrawals, and then making purchases before the checks were returned
unpaid. The statement said bank accounts became overdrawn by thousands of dollars,
and sometimes tens of thousands of dollars.
Source: http://sfappeal.com/news/2010/09/man-sentenced-in-13-million-bank-fraudscam.php
18. September 17, Associated Press – (California) San Francisco man charged in $25M
Ponzi scheme. Federal prosecutors said a San Francisco man has been charged with
defrauding investors of $25 million in a residential property Ponzi scheme. A U.S.
attorney said the 31-year-old suspect allegedly persuaded at least 80 people to lend him
money by promising high returns on their investments in properties he would purchase,
renovate and resell. FBI investigators allege that instead, early investors were
reimbursed with funds from later lenders, while the suspect used some of the proceeds
for personal expenses and to invest in retail businesses. The suspect pleaded not guilty
during his first court appearance September 17.
Source: http://www.sfgate.com/cgibin/article.cgi?f=/n/a/2010/09/17/state/n154425D39.DTL
19. September 17, Krebs on Security – (International) SpyEye botnet’s bogus billing
feature. Miscreants who control large groupings of hacked PCs or “botnets” are always
looking for ways to better monetize their crime machines, and competition among rival
bot developers is leading to devious innovations. The SpyEye botnet kit, for example,
now not only allows botnet owners to automate the extraction of credit card and other
financial data from infected systems, but it also can be configured to use those
credentials to generate bogus sales at online stores set up by the botmaster. SpyEye is a
software package that promises to make running a botnet a point-and-click exercise. A
unique component of SpyEye is a feature called “billinghammer,” which automates the
purchase of worthless or copycat software using credit card data stolen from victims of
the botnet. The SpyEye author explained this feature in detail on several hacking
forums where his kit is sold, even including a video that walks customers through the
process of setting it up. Basically, the scam works like this: The botmaster acquires
some freeware utility or legitimate program, renames it, claims it as his own and places
it up for sale at one of several pre-selected software sales and distribution platforms,
including ClickBank, FastSpring, eSellerate, SetSystems, or Shareit. The botmaster
then logs in to his SpyEye control panel, feeds it a list of credit card numbers and
corresponding cardholder data, after which SpyEye opens an Internet Explorer Window
and — at user-defined intervals — and starts auto-filling the proper fields at the
botmaster’s online store and making purchases.
Source: http://krebsonsecurity.com/2010/09/spyeye-botnets-bogus-billing-feature/
-8-
20. September 17, KWTX 10 Waco – (Texas) FBI seeks public’s help in finding I-35
bandit. The FBI asked for the public’s help September 17 in locating the man dubbed
the I-35 Bandit who’s robbed 15 Texas banks between Wichita Falls and San Antonio
since January 2004. The most recent robbery occurred September 8 at the First State
Bank Central Texas in Little River Academy during the height of flooding in the area
caused by heavy rainfall from Tropical Storm Hermine. The robber used a small sedan
as a getaway vehicle in all 15 of the robberies, and when he held up the bank in Little
River, he was driving a 2011 model Hyundai Sonata that may have been a rental, the
FBI said. It appears he has lost weight over the last 2 years, authorities said. The I-35
Bandit should be considered “armed and extremely dangerous,” the FBI said, because
in each robbery he entered the bank with his handgun drawn and pointed it directly at
tellers or customers.
Source: http://www.kwtx.com/news/headlines/103163624.html?ref=624
21. September 17, U.S. Securities and Exchange Commission – (National) Lambros D.
Ballas sanctioned. A suspect, of Huntington, New York, was barred from association
with any broker or dealer by the U.S. Securities and Exchange Commission (SEC). The
sanction was ordered in an administrative proceeding before an administrative law
judge, following a court-ordered injunction against him. In July 2010, the suspect was
enjoined from violating the antifraud provisions of the federal securities laws based on
his involvement in a fraudulent scheme to manipulate stock prices of multiple publicly
traded companies. He arranged for the distribution of phony press releases involving
major public companies, such as Google, Microsoft, and Walt Disney, and then posed
as an investor on Yahoo! Inc. Internet message boards providing links to the bogus
releases he had created and disseminated. In the case of one company he touted, the
suspect bought 5,000 shares of its stock before issuing a phony press release that
caused the stock price to increase nearly 80 percent within a few hours of the fake
release. During the time in which he engaged in this conduct, the suspect was a
registered representative with a broker-dealer registered with the Commission.
Source: http://www.sec.gov/news/digest/2010/dig091710.htm
22. September 16, Wired.com – (California) Man gets 6 years in prison for laundering
$2.5 million for carders. A California man who helped funnel stolen cash to a global
network of hackers and carders was sentenced September 16 to 6 years in prison for
conspiracy to launder money.â ¨ The 38-year-old suspect, also known as
“uBuyWeRush,” ran a legitimate business selling liquidation and overstock
merchandise online and from three California stores. But, according to an indictment,
he also sold MSR-206’s to carders to encode stolen bank card data onto blank cards,
and he served as a conduit to transmit stolen money between mules and carders. He
worked with many of the top carders in the criminal underground between 2003 and
2006, including a Ukrainian carder who allegedly worked with the TJX hacker and was
considered by authorities to be one of the top sellers of stolen card data on the Internet.
In 2003 and 2004, the suspect became an approved and trusted vendor on online
criminal forums such as CarderPlanet and Shadowcrew, advertising his goods and
services and dispensing advice on the best tools to use for various criminal endeavors.
Source: http://www.wired.com/threatlevel/2010/09/ubuywerush/
-9-
[Return to top]
Transportation Sector
23. September 20, Reuters – (International) France warns of terror threat. France is on
heightened alert for possible terrorist attacks after receiving a tip-off that a female
suicide bomber was planning to attack the transport system, a police source said
September 20. The interior minister said France was facing a real terrorism threat as it
faces a backlash from al Qaeda militants in North Africa and fears grow of an attack
from home-grown cells within its borders. A police source told Reuters the authorities
had been alerted from Algeria that there was a possible threat from a female suicide
bomber to the Paris metro system. Citing unidentified security sources, French radio
station RTL reported earlier in the day that the authorities had been informed of the
possible bomber September 15. A spokesman for the public prosecutor said an
investigation to determine the truth of the information was under way. “On Salafist
websites, close to al Qaeda, there have been more calls against France and
communication has been intercepted from (al Qaeda’s) Abu Yahya al-Libi to AQIM to
attack France as a priority,” a spokesman for the International Terrorism Observatory in
Paris told Reuters Television. The head of France’s counter intelligence service has
appeared in several interviews recently evoking the heightened alert.
Source: http://www.reuters.com/article/idUSTRE68J3X120100920
24. September 18, Associated Press – (Texas) Charter bus hits Texas highway barrier,
18 injured. A charter bus struck a highway barrier after leaving Dallas, Texas
September 18, injuring 18 people, including one seriously. The bus left Dallas and was
headed to Oklahoma City when it crashed just after midnight near Sanger, Texas about
50 miles north of Dallas, said a spokesman for the Texas Department of Safety. The
bus driver told authorities that a vehicle swerved in front of him and he took evasive
action by pulling into the inside shoulder of the highway. The bus struck the concrete
barrier and came to rest on the grassy median. It didn’t overturn, but five passengers
were ejected through side windows. Eighteen of the 33 bus passengers were taken to
three area hospitals with varying degrees of injuries, including one who was transported
in serious condition.
Source: http://www.cfnews13.com/article/news/ap/september/152257/Charter-bus-hitsTexas-highway-barrier-18-injured
For more stories, see items 1 and 3
[Return to top]
Postal and Shipping Sector
25. September 20, United Press International – (International) White powder sent to
another embassy. White powder was found in an envelope at an embassy in Tel Aviv,
Israel — this time at the Turkish Embassy — for the fourth time in 1 week, officials
said. Israeli firefighter teams and units specializing in dangerous substances were sent
- 10 -
to the site. No injuries were reported, Ynetnews.com said. Embassy staffers opening
mail discovered the white powder inside an envelope, the Web site said. It was the
fourth time within 1 week that rescue forces were dispatched to Tel Aviv after
suspicious envelopes were sent to foreign embassies, the report said. Last week,
envelopes containing white powder and threats to the state of Israel were sent to the
American, Spanish and Swedish embassies, the report said.
Source: http://www.upi.com/Top_News/World-News/2010/09/20/White-powder-sentto-another-embassy/UPI-17661284993138/
26. September 17, Associated Press – (Missouri) Suspicious substance prompts
lockdown. A letter containing an unknown substance prompted a brief lockdown at a
Jefferson City building that houses a Missouri state agency. The letter was delivered
yesterday to the Missouri Division of Professional Registration and Licensing. KRCGTV reported an employee had a skin reaction from opening the letter. A state
department of public safety spokesman said preliminary tests indicated the substance
was a prescription pain medication. The spokesman said police responded around 10:30
a.m., and the building returned to normal around 12:30 p.m. The office building is
about 5 miles west of the state capitol.
Source: http://www.columbiatribune.com/news/2010/sep/17/suspicious-substanceprompts-lockdown/
[Return to top]
Agriculture and Food Sector
27. September 19, Occupational Health and Safety – (Washington) Fruit processing plant
to pay $106,000 for failing to report ammonia release. Tree Top Inc. has agreed to
pay a $21,000 Environmental Protection Agency (EPA) penalty and complete an
$85,000 upgrade to its Selah, Washington, plant for failing to immediately report a
release of ammonia at its fruit processing plant. In addition to the penalty, Tree Top
will update its computer hardware and install an advanced ammonia detection system
that will make future releases less likely. On July 10, 2009, Tree Top had an estimated
1,000-pound ammonia release at its fruit processing center, according to the EPA
settlement. The company uses large quantities of anhydrous ammonia at the plant as a
refrigerant. According to case documents, EPA alleges that Tree Top failed to
immediately notify emergency response authorities after the ammonia release occurred,
and also failed to submit the required reporting documents. The leak occurred when a
high-pressure relief valve tripped and failed to reseat properly.
Source: http://ohsonline.com/articles/2010/09/19/fruit-processing-plant-to-pay-106000for-failing-to-report-ammonia-release.aspx?admgarea=news
28. September 19, Associated Press – (National) May frosts hurt apple crop in New
England. While apple growers in some states are enjoying an earlier-than-usual
harvest, many in New England and upper Midwest are reeling from the effects of two
hard frosts in May. The U.S. Department of Agriculture forecasts the apple crop in
every New England state except Rhode Island will be down by almost 20 percent
- 11 -
compared to 2009. The owner of Windy Ridge Orchard in North Haverhill, New
Hampshire, said he lost 80 percent of his apple crop — upwards of 5,000 bushels,
forcing him to eliminate pick-your own for the season. A fruit specialist for the
University of Massachusetts Extension Service said Massachusetts had pockets of loss,
but nothing like Vermont, New Hampshire, and Maine. Michigan was also hit hard.
The frosts hit after an unseasonably warm spring in which apple trees blossomed early,
making them most vulnerable to the cold temperatures.
Source: http://www.wcsh6.com/news/regional/story.aspx?storyid=128564&catid=46
29. September 18, Food Safety News – (National) Blocking E. coli before it moves
in. Scientists at the U.S. Department of Agriculture (USDA) recently discovered key
gene and chemical interactions that allow toxic Escherichia coli (commonly known as
E. coli or O157:H7) bacteria to colonize in the guts of cattle. According to their
research, the bovines not only host, but also can shed the deadly human pathogen.
Many E. coli O157:H7 outbreaks have been associated with contaminated meat
products and cross contamination of produce crops. Because the bacteria do not cause
cattle to show clinical symptoms of illness, and due to other unknown variables, they
can be hard to detect within the cattle as well as the environment. Researchers at the
USDA Agricultural Research Service (ARS) and an animal scientist reported on how
the E. coli bacteria are aware of a key chemical that plays a critical role in allowing the
bacteria to colonize in cattle’s gastrointestinal tracts. The scientist and the ARS Food
and Feed Safety Research Unit, based out of College Station, Texas, published the
study in the Proceedings of the National Academy of Science.
Source: http://www.foodsafetynews.com/2010/09/blocking-e-coli-before-it-moves-in/
30. September 17, Harlingen Valley Morning Star – (Texas) Fire smolders for hours
inside cotton baler. Firefighters worked for hours to control a fire that ignited inside a
cotton baler near Harlingen, Texas, September 16, fighting the blaze into early
September 17. A worker at the Valco chemical plant told officials he saw a cotton baler
erupt into flames at the site after hearing a loud pop, Harlingen’s fire marshal said. The
fire broke out sometime between 10 and 11 p.m. The fire department dispatched four
engines, a rescue truck and an aerial ladder platform to contain the blaze before it
spread to nearby equipment. “The fire was actually brought under control very quickly,
but it’s tough to completely extinguish that cotton once it gets going,” he said. At one
point, flames were 30 feet high. Firefighters were at the scene until about 2:30 a.m.
September 17 because a large amount of cotton continued to smolder inside the baler.
No one was injured.
Source: http://www.brownsvilleherald.com/news/inside-116935-baler-smolders.html
31. September 17, Associated Press – (New York) 19-year-old pleads guilty in ‘Fight
Club’ inspired explosion at New York City Starbucks. A 19-year-old pleaded guilty
September 17 to an attempted arson at a New York City Starbucks coffee shop in a predawn blast that was inspired by the movie “Fight Club.” He also pleaded guilty to
attempted criminal possession of a weapon in a deal that will send him to prison for 3
and 1/2 years when he is sentenced November 16. The suspect faced a minimum 15
years and maximum 25 years in prison had he been convicted by a jury of more serious
- 12 -
arson charges. The explosion near the Guggenheim museum on the Upper East Side on
Memorial Day 2009 shattered windows at the Starbucks but caused no injuries. The
man only said one word, “Yes,” when a Manhattan supreme court justice asked if he
intentionally damaged the shop and knew there were people in the coffee shop who
could have been harmed in the prank.
Source: http://www.foxnews.com/us/2010/09/17/year-old-pleads-guilty-fight-clubinspired-explosion-new-york-city-starbucks/
[Return to top]
Water Sector
32. September 20, Associated Press – (Iowa) Iowa town asked to conserve water after
computer problem drains water tower. Residents of Glidden, Iowa are being asked
to conserve water after a computer malfunction drained the town’s water tower. The
Iowa Department of Natural Resources said the problem happened September 19. The
agency said the malfunction was fixed that day, and by evening the tower was being
filled. In the meantime, residents are asked to conserve water and to boil water for
drinking or cooking because of the potential for bacterial contamination. The
department said the advisory will be in effect until at least September 21. Once the
tower is filled and water pressure is restored, the water will be tested to make sure it is
safe.
Source: http://www.wqad.com/news/sns-ap-ia--watertowerdrained,0,6607834.story
33. September 20, Tennessean – (Tennessee) No easy fix for leaky lagoon. Town leaders
in Thompson’s Station, Tennessee, are shaping up a plan — and carefully scrutinizing
costs — for repairs at the sewer treatment plant to satisfy a notice of violation issued by
Tennessee. The town administrator said he expected the state’s letter after leaks to a
lagoon at the 4-year-old plant were discovered weeks ago. Though the lagoon is not yet
in use, the leaks still constitute a violation of the town’s permit through the Tennessee
Department of Environment and Conservation (TDEC). A TDEC spokeswoman said
the town has 30 days to submit a plan. The state’s notice outlines the concerns: several
leaks in the lagoon’s liner and two areas where the ground appears to have collapsed
underneath that cell. The town administrator said they must identify what caused the
collapses before making repairs. The town got a quote of $31,000 to dig monitoring
wells that would be used to help with that determination. But that’s more money than
the town may have, he said, noting they are considering a budget amendment to
earmark repair funds. The state also noted the town does not yet have the deed for the
property that would be used as a drip field once the plant has reached a level that
necessitates having to discharge treated effluent. The plan was to use easements within
the Tollgate, Canterbury and Bridgemore subdivision that fronted the construction cost
for the plant in exchange for prepaid sewer connections. The town administrator said
they are working on a drip field plan for the state’s approval.
Source:
http://www.tennessean.com/article/20100920/WILLIAMSON12/9200306/2044/No+ea
sy+fix+for+leaky+lagoon
- 13 -
34. September 20, Arizona Daily Star – (Arizona) City facing major new expense to treat
water. Changing federal standards for a chemical left behind after the cleanup of TCE
and TCA from south-side groundwater could force the city of Tuscon, Arizona, — and
water customers — to spend millions of dollars on a new treatment plant. Removing
trichloroethylene, or TCE, and trichloroethane, or TCA, from groundwater leaves
behind a chemical called 1,4 dioxane, which was used to prevent the breakdown of
TCA. Although the massive federal Superfund site on the south side is able to strip out
the TCE and TCA, the 1,4 dioxane does not evaporate and stays in the water. To get
under the current federal standards of 3 parts per billion (ppb) for 1,4 dioxane in
drinking water, Tucson Water mixes the treated water from the south side with other
water not contaminated by the chemical, lowering the level in Tucson’s Water supply
to 1.15 ppb, the Tucson water director said. But Tucson Water was notified 2 weeks
ago that new federal drinking water standards will likely be issued in the wake of a new
Environmental Protection Agency risk assessment for 1,4 dioxane showing the cancer
potency factor of the chemical is nine times higher than the agency previously thought.
How low the new standard could fall hasn’t been identified, but the director said it is
likely to be below the level that Tucson Water now achieves. He also noted that, as
differing degrees of contaminated water move through the treatment plant, there is no
guarantee the city can continue to hit the 1.15 ppb standard it now achieves. Because
word of the likely change is so new, city officials have no estimate on how much the
plant will cost — beyond that it will be in the millions — or exactly when it will be
required.
Source: http://azstarnet.com/news/local/govt-and-politics/article_33365df2-7adb-5252aff3-1cca4806ad01.html
35. September 17, WTXF 29 Philadelphia – (Pennsylvania) Local counties put on
drought warnings. The Pennsylvania Department of Environmental Protection (DEP)
has put Philadelphia, Lehigh, Bucks and Montgomery counties under a drought
warning. All citizens and businesses are being told to reduce water use by 15 percent as
a voluntary measure as of September 17. If the situation does not approve, the DEP
could issue a drought emergency. The state has not issued an emergency since 2002.
Under those conditions, there would be a mandatory 15 percent cut back on water use
enforceable by law. The DEP secretary said a hot, dry summer has led to steadily
declining ground and surface water levels. He said, “Pennsylvania’s Drought Task
Force has concurred with DEP’s recommendation that drought watches and warnings
be issued for all 67 counties to alert water suppliers, industry and the public of the need
to begin conserving water.” Bucks County has been hit particularly hard. The
precipitation deficit over the past 90-day period is 5.5 inches below normal in Bucks
County.
Source: http://www.myfoxphilly.com/dpp/news/local_news/091710-local-counties-puton-drought-warnings
For more stories, see items 10, 51, and 60
[Return to top]
- 14 -
Public Health and Healthcare Sector
36. September 18, San Jose Mercury News – (California) Area hospitals expect to learn
from response to Calif. gas pipeline explosion. Area hospitals were able to ramp up
quickly and handle the dozens of injured flooding in from the gas pipeline explosion
and fire in San Bruno, California., but officials hope to use the experience to better
prepare for the next major disaster. Many of the wounded were able to drive themselves
to the emergency room and have since been treated and released, though four others
with severe injuries remained September 17 at the St. Francis Memorial Hospital Burn
Center in San Francisco.
Source: http://www.kentucky.com/2010/09/18/1441129/area-hospitals-expect-tolearn.html
37. September 18, The Tennessean – (Tennessee) MTMC exercises delayed by bomb
hoax. Secondhand information about a bomb threat at the new Middle Tennessee
Medical Center, located in tennessee September 17 disrupted tours of the facility,
employee training exercises and other preparations that were under way for the
hospital’s Oct. 2 grand opening. Murfreesboro Police and the Tennessee Highway
Patrol’s bomb squad, after an almost four-hour sweep of the building, determined there
was no explosive device in the hospital’s new facility located on Medical Center
Parkway near Interstate 24. After the all-clear was given, police attention quickly
turned back to the person responsible for making the call.
Source:
http://www.tennessean.com/article/D4/20100918/NEWS01/9180309/MTMC+exercises
+delayed+by+bomb+hoax
[Return to top]
Government Facilities Sector
38. September 20, National Public Radio – (Utah) Threat eases from ‘Machine Gun’
wildfire in Utah. Cooler temperatures and calmer and shifting winds have diminished
the wildfire threat to 1,600 homes in Herriman, Utah. But fire and police officials
continued to keep about 5,000 people out of their homes. Several neighborhoods were
evacuated September 19 after a wildfire erupted shortly after noon near a machine-gun
training range at Camp Williams, a vast military reservation used by the Army National
Guard located about 30 miles south of Salt Lake City. The “Machine Gun” fire was
sparked by a stray bullet that likely ricocheted off a rock and into dry brush, said the
National Guard commander in Utah. Military firefighters attacked the relatively small
blaze and believed it was out, he said. But the region was under a National Weather
Service “Red Flag” warning for hot and dry conditions conducive to wildfire and when
wind gusts picked up 3 hours later, the blaze flared up from 300 to 3,500 acres, and
raced out of control. “It’s the biggest [fire] I’ve seen here,” the National Guard
commander said. Training has triggered wildfires in the past, and the National Guard
has protocols for conducting training when wildfire is possible. State and county
officials promised an investigation. More than 120 National Guard soldiers were
- 15 -
activated to assist police and firefighters.
Source: http://minnesota.publicradio.org/features/npr.php?id=129986485
39. September 20, Salida Mountain Mail – (Colorado) Firearm report spurs school
evacuation. The report of a person with a firearm spurred evacuation of Buena Vista
Middle School in Buena Vista, Colorado about 7:15 p.m. September 17, and a fullscale, multi-agency response by law enforcement. Information from the Buena Vista
Police Chief said the initial 911 call reported that juvenile witnesses saw the person in
the area with a firearm. A number of students and faculty members were in the middle
school attending a movie night. In addition, the Buena Vista cross country team would
be returning to the school after a meet. Officers from Buena Vista Police Department
and Chaffee County Sheriff’s Deputies responded, placing the school under
“lockdown,” the police chief reported. He said students and staff members were
evacuated to the Sangre De Christo Electric building on north U.S. 24 where parents
could pick up their children. After a short time, the police chief reported officers
identified a juvenile suspect who turned over a black Airsoft brand handgun designed
to shoot plastic pellets.
Source:
http://www.themountainmail.com/main.asp?SectionID=4&SubSectionID=4&ArticleID
=20315
40. September 20, Times Beacon Record – (New York) SBU dorm evacuated. On
September 19, an “unknown irritant” caused Hand College, a dormitory on the campus
of Stony Brook University (SBU), in Stony Brook, New York, to be evacuated and
decomtaminated. The substance caused several students to suffer eye and throat
irritation and led to the deployment of haz-mat trailers from Brookhaven Town and
Suffolk County. According to a statement from SBU, “A total of 20 students who were
on or in the immediate vicinity of the third floor were decontaminated as a precaution.
Of these students, a total of four were transported (treated and discharged) to
University Medical Center with minor irritation complaints.”
Source: http://www.northshoreoflongisland.com/Articles-i-2010-09-16-85371.112114sub_SBU_dorm_evacuated.html
41. September 17, Enid News & Eagle – (Oklahoma) Explosive detector dog alerts on
truck at Vance AFB. A military explosive detector dog alerted to a commercial
vehicle attempting to enter the Baker, or industrial, gate at Vance Air Force Base near
Enid, Oklahoma September 17. Vance emergency personnel and an explosive
ordinance team from McConnell AFB, Kansas, have responded to protect the public
and assess the threat, according to a release from Vance’s public affairs office. The
Baker gate has been closed and will remain so until further notice.
Source: http://enidnews.com/localnews/x213894377/BREAKING-Explosive-detectordog-alerts-on-truck-at-Vance-AFB
42. September 17, FoxNews – (New York) U.N. ignores risks of terror attack, New York
City says. As the United Nations (U.N.) hosts scores of world leaders at its annual
General Assembly this month — and a special summit called by the Secretary General
- 16 -
for September 20 — behind-the-scene tensions are high between the world organization
and New York City, which has repeatedly warned that the U.N. complex on
Manhattan’s East side is dangerously exposed to potential terrorist attacks. Top city
officials, including the mayor and police commissioner, feel frustrated that after years
of negotiations and a $1.8 billion U.N. facelift that is now under way, the U.N. is
ignoring blunt and dire warnings about the risks faced at the 17-acre complex. “The
city is not satisfied with the U.N.’s response to date,” declared a mayoral spokesman.
“The U.N. has not adopted the city’s security recommendations for the headquarters
campus.” The city’s concerns are major. In some places at the periphery of the U.N.
complex, little more than a wheel-barrow full of high explosives could have a
disastrous effect. In others, a truck-bomber could drive within a few yards of the
complex before setting off a blast that could be as devastating as the 1995 Oklahoma
City, Oklahoma bombing at the Alfred P. Murrah Federal Building.
Source: http://www.foxnews.com/world/2010/09/16/exclusive-ignores-risks-terrorattack-new-york-city-says/?test=latestnews
43. September 16, Alexandria Daily Town Talk – (Louisiana) City website’s hacked link
fixed. A link on the city of Alexandria’s (Louisiana) Web site that had been
compromised by a hacker now has been fixed. A hacker, known as S3nleVeyaSensiz
and describing himself as a “Turkish Attacker,” had posted a profane message as well
as a hooded image wearing a Turkish flag on the city’s Web site last week. The site
page now contains two links from a February meeting on the city’s planned Sugarhouse
Road extension project.
Source: http://www.thetowntalk.com/article/20100916/NEWS01/9160317
For more stories, see items 12, 25, and 26
[Return to top]
Emergency Services Sector
See items 3 and 4
[Return to top]
Information Technology Sector
44. September 20, Computerworld – (International) Adobe moves up Flash fix, will patch
bug today. Adobe has accelerated the delivery of a patch for a critical vulnerability in
Flash and will ship the fix September 20, rather than next week as originally scheduled.
Chrome users, however, got the patch September 17, one of the benefits of an April
Google-Adobe deal. The bug, which Adobe acknowledged September 13, can be used
by attackers to commandeer machines running the popular media player. According to
the US-CERT (United States Computer Emergency Readiness Team) hackers can
exploit the vulnerability by enticing users to a malicious Web site, or by getting them to
open rigged PDF or Microsoft Word documents. Adobe last week called the ongoing
- 17 -
attacks “targeted” and “limited,” and aimed only at Windows users. Security vendors
have also unearthed in-the-wild threats leveraging the Flash bug.
Source:
http://www.computerworld.com/s/article/9186638/Adobe_moves_up_Flash_fix_will_p
atch_bug_today
45. September 20, The H Security – (International) Workaround for ASP.NET server’s
encryption vulnerability. In a security advisory, Microsoft has confirmed the
vulnerability in the process used by ASP.NET applications to encrypt cookies and other
session information. In the announcement for the security advisory, Microsoft said it
was not, so far, aware of any attacks. However, the security group encouraged users to
“review the advisory for mitigations and workarounds.” A blog entry describes how to
implement the workarounds and offers a script to help administrators determine
whether their ASP.NET applications are vulnerable. The cause of the problem was
highlighted last week by two security researchers who established that there was an
issue with how the ASP.NET framework encrypted data. Usually, this uses the
Advanced Encryption Standard (AES) in Cipher Block Chaining mode (CBC), but this
mode is vulnerable to what are called Padding Oracle Attacks PDF which can allow
encrypted data, such as cookies, to be decrypted without the key.
Source: http://www.h-online.com/security/news/item/Workaround-for-ASP-NETserver-s-encryption-vulnerability-1081837.html
46. September 20, Government Computer News – (International) Apple’s Ping social
networking site quickly hit by spammers. Less than 1 week after introducing its new
music-oriented social networking site September 1, Apple had to begin scrubbing Ping
clean of spammers and scammers who almost immediately began infiltrating the
network. Ping was launched as a feature of Apple’s new iTunes 10 music mart. “With
Ping, you can follow your favorite artists and friends and join a worldwide
conversation with music’s most passionate fans,” Apple’s CEO said in an
announcement. He probably was not expecting that within hours, fans also would be
swamped with offers for free iPhones, iPads, iPods and other iGoodies from Web site
ads, and survey offers in the comments sections of posts on popular artists. “This
development does not come as a surprise,” said the vice president of technology
strategy at M86 Security. “Ping is a social network and ... cyber criminals have been
targeting social networks for quite some time.” The two grand dames of social
networking, Twitter and Facebook, have long been spam vectors. But Ping’s online
filters were focused more on obscenity and copyright violations than possible
spammers.
Source: http://gcn.com/articles/2010/09/20/cybereye-box-apple-ping-spammers.aspx
47. September 20, The Register – (International) 4chan launches DDoS against
entertainment industry. Members of 4chan launched a series of distributed denial of
service attacks (DDoS) against Web sites maintained by the Motion Pictures
Association of America and Recording Industry Association of America over the
weekend, protesting actions taken against torrent tracker Web site the Pirate Bay.
“Operation: Payback Is A [expletive]” began as an attack against Aiplex — an Indian
- 18 -
firm that carries out DDoS attacks on Web sites hosting BitTorrent trackers that fail to
respond to takedown notices — before progressing onto other entertainment industry
Web sites. Packet floods knocked entertainment Web sites offline intermittently
throughout the weekend. The attacks were initially coordinated via an Internet Relay
Chat channel, which has since been taken offline. Participants in the attacks are invited
to download one of two attack tools. It is unclear whether or not participants in the
attack are using zombie networks of compromised PCs.
Source: http://www.theregister.co.uk/2010/09/20/4chan_ddos_mpaa_riaa/
48. September 18, Softpedia – (International) Sites hosted at Go Daddy hit by mass
injection attack again. Researchers from Sucuri Security, a company running a Web
integrity monitoring service, warn that a number of Web sites hosted at Go Daddy have
had malicious code injected into their pages. All infected sites had base64-encoded
JavaScript added to all of their PHP files. The rogue scripting decodes to a element,
which loads content from a third-party domain. The external code redirects visitors to a
scareware distribution Web site, which mimics an antivirus scan and displays fake
warnings about infections on their computers. The goal of the scam is to trick users to
buy licenses for a useless application, which claims to be able to clean malware, that
wasn’t even there to begin with. The company provides a generic Web site clean-up
script, which according to some comments worked for removing this latest infection.
However, those amongst the affected Web site owners should check first with Go
Daddy, as they might already have a solution for this attack.
Source: http://news.softpedia.com/news/Sites-Hosted-at-Go-Daddy-Hit-by-MassInjection-Attack-Again-156997.shtml
49. September 17, DarkReading – (International) Forrester pushes ‘zero trust’ model for
security. Trust no one, not even end users: That’s the underlying theme of a new
security model proposed by Forrester Research called “Zero Trust,” which calls for
enterprises to inspect all network traffic, from the outside and on the inside. A senior
analyst with Forrester said the current trust model in security is broken and the only
way to fix it is to get rid of the idea of the trusted internal network and the untrusted
external network. Instead consider all network traffic untrusted, he said. “Times have
changed. You can’t think about trusted and untrusted users” anymore, said the analyst,
who gave more details on the model at Forrester’s Security Forum in Boston,
Massachusetts. The wave of damaging insider-borne breaches during the past few years
illustrates the importance of being able to see everything going on in the network, he
said. Zero Trust means inspecting all traffic in real time, and a new category of
products called network analysis and visibility, which combines several niche tools —
such as forensics, packet capture, meta data analysis, and network discovery flow
analysis — such that they provide visibility and analysis of traffic and do not disrupt
business processes.
Source:
http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleI
D=227500145
- 19 -
50. September 17, The H Security – (International) Stuxnet also found at industrial
plants in Germany. Siemens is reporting that industrial plants in Germany have also
been hit by the Stuxnet worm. According to a spokesperson for Siemens, about one
third of the 15 infections discovered at industrial plants worldwide have been found at
sites in the German process industry sector. Siemens’ own plants are said not to be
affected. Analyses by Siemens have confirmed that Stuxnet can, in theory, manipulate
Programmable Logic Controllers (PLCs). However, the behavior has not been observed
in the wild. According to the spokesperson, Stuxnet checks the configurations of
infected WinCC or PC7 systems for existing data blocks. If it finds suitable blocks, it
becomes active and modifies the controller code. If it doesn’t find any, it remains
inactive. The worm seems to look for specific types of systems to manipulate. Siemens
couldn’t provide details about which systems are or could be affected. The
spokesperson said no system with an active worm has so far been observed.
Automation system security specialists Langner Communications have released a more
detailed analysis of how Stuxnet manipulates PLCs on its Web site. According to this
analysis, the worm injects arbitrary code when transmitting blocks of code to the PLC.
To compromise data transmissions, it diverts the data via a wrapper DLL before
submitting it to the SIMATIC Device Operating System’s original s7otbxdx.dll library
for processing.
Source: http://www.h-online.com/security/news/item/Stuxnet-also-found-at-industrialplants-in-Germany-1081469.html
Internet Alert Dashboard
To report cyber infrastructure incidents or to request information, please contact US-CERT at sos@us-cert.gov or
visit their Web site: http://www.us-cert.gov
Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and
Analysis Center) Web site: https://www.it-isac.org
[Return to top]
Communications Sector
51. September 20, Associated Press – (New Mexico) Water main break leads to Internet
outage in Alq. A water main break has shut down Internet and phone service in
portions of northwest Albuquerque, New Mexico. Qwest said almost 100 Albuquerque
homes and businesses will be without service through September 21. The water main
break at a Qwest office near 4th Street and Griegos Road is to blame. A Qwest
spokesman said service should be fully restored by the morning of September 21 at the
latest.
Source: http://www.newswest9.com/Global/story.asp?S=13183405
52. September 18, Binghamton Press & Sun-Bulletin – (New York) Vestal crash takes out
Time Warner cable, Internet. Thousands of Time Warner cable and Internet
customers were without service for most of the day and night September 18 after a car
crash downed a utility pole along Vestal Parkway near Binghamton University in
- 20 -
Vestal, New York. Two teenagers were unhurt in the accident, which took place at
11:26 a.m. The accident damaged a Time Warner Cable fiber optics line knocking out
cable and Internet service to most neighborhoods west of the crash. Outages were
reported in Vestal, Endicott, Endwell and the Town of Union. It is not known how
many customers were affected and when their cable service would be restored.
Customer service lines to Time Warner in Vestal were continuously busy throughout
the day September 18. As many as 12 linemen from Time Warner remained on the
scene throughout the day trying to repair the severed fiber optics line that supplies
cable television and high-speed Internet services to thousands of customers in the
Binghamton region.
Source:
http://www.pressconnects.com/article/20100918/NEWS01/100918002/1112/Vestalcrash-takes-out-Time-Warner-cable--Internet
53. September 17, United Press International – (International) Rogue satellite still
‘talking’. An uncontrollable satellite drifting in orbit did not shut itself down as
predicted and is posing signal interference risk to other satellites, experts said. Intelsat’s
Galaxy 15 communications satellite, dubbed the “zombie satellite,” lost contact with its
controllers in April but is stuck “on” and continues to transmit signals as its operators
on Earth work to avoid potential interference with other nearby spacecraft, SPACE.com
reported September 17. Intelsat engineers had estimated that the satellite would lose
power and shut itself off in late August, but that has not happened. Intelsat officials said
there is no risk of it physically colliding with other spacecraft, so their team’s main
focus is preventing Galaxy 15’s signals from interfering with neighboring satellites.
The 4,171-pound satellite went rogue April 5 when it stopped responding to controllers
on the ground but maintained an active payload, with its telecommunications
transmitter still functioning. Several attempts to shut down Galaxy 15 have failed,
leaving the defunct satellite stuck drifting in space and still “talking.”
Source: http://www.spacemart.com/reports/Rogue_satellite_still_talking_999.html
[Return to top]
Commercial Facilities Sector
54. September 19, KMGH 7 Denver – (Colorado) Man arrested, bomb hoax forces
Golden Hotel evacuation. A 19-year-old Golden, Colorado, man was arrested in
connection with the suspicious device “resembling a bomb” that was found in a
stairwell in the Golden Hotel September 19, forcing the evacuation of about 40 guests.
However, the suspect was released pending a decision on whether to file charges by the
Jefferson County District Attorney’s Office, police said. The Jefferson County sheriff’s
bomb squad responded to the scene and deployed a robot at one point. The suspicious
device was determined to be a hoax and was removed from the hotel. Guests were then
allowed to go back into the hotel.
Source: http://www.thedenverchannel.com/news/25077327/detail.html
- 21 -
55. September 18, McDonough County Voice – (Illinois) Hotel evacuated after meth lab
found. A Macomb, Illinois, hotel was evacuated September 16 after an anonymous tip
led to the discovery of a methamphetamine lab in one of the rooms. A search warrant
was obtained for the room, and officers discovered a “working” methamphetamine lab,
which the Illinois State Police Methamphetamine Response Team (ISP-MRT)
confirmed was active. Officers made contact with the room’s two occupants and then
seized 86.4 grams of methamphetamine and 3.8 grams of heroin, both packaged for
delivery; a .380 caliber handgun and ammunition; syringes, less than 2.5 grams of
marijuana, digital scales, packaging material, and a spring-loaded stiletto knife.
Officers placed the pair under arrest, secured the room and took two children, ages 1
and 3, who were in the room, into temporary protective custody. The motel was
evacuated and the Macomb Fire Department stood by until the ISP-MRT removed the
lab.
Source: http://www.mcdonoughvoice.com/news/x1685470989/Hotel-evacuated-aftermeth-lab-found
56. September 18, San Diego Union-Tribune – (California) Copycat suicide: Toxic fumes
in car. A man apparently killed himself with toxic fumes inside his car after posting
warning signs in the windows September 18 in Carmel Mountain, California, in a
copycat suicide of an incident in August, San Diego police said. Officers found the 46year-old Mira Mesa man’s body in his car, which was parked in the back corner of a
strip mall parking lot on Carmel Mountain Road. Police evacuated the skate park as a
precaution, cordoned off the parking lot, and called the San Diego Fire-Rescue
Department and a hazardous materials crew. The man’s family called police about 3:30
p.m. to report that he had been missing since noon September 17, a police lieutenant
said. His cell phone signal led officers to the strip mall about 5 p.m., where they found
the car with hand-written warning signs taped to the windows. The man had used
common household chemicals, which, combined, filled the car with toxic gas.
Hazardous materials crews removed the items. On August 14, a man committed suicide
by creating a lethal hydrogen sulfide gas from common chemicals in his car at Black
Mountain Park in Rancho Penasquitos. The man put a sign in his dashboard that said,
“Don’t open, Call hazmat or 911.” The police lieutenant said he did some research after
the first incident and learned this method of suicide had become prevalent in Japan, and
now has spread to several cases across the United States.
Source: http://www.signonsandiego.com/news/2010/sep/18/copycat-suicide-toxicfumes-car/
57. September 17, WTVF 5 Nashville – (Tennessee) Businesses evacuated during bomb
scare in Hohenwald. Police said a man walked into a business in Hohenwald,
Tennessee with a briefcase and said he had a bomb. The scare forced evacuations of 15
nearby businesses. Hohenwald police called Columbia’s bomb squad into action. They
arrived with their robot and opened the briefcase, but found nothing but papers. The
man with the briefcase was charged with resisting arrest, disturbing the peace and
carrying a prohibited weapon.
Source: http://www.newschannel5.com/Global/story.asp?S=13176190
- 22 -
[Return to top]
National Monuments and Icons Sector
58. September 20, Denver Post – (Colorado) Fire in Rocky Mountain National Park
under control. Fire crews brought a 40-acre grass fire under control on the west side of
Rocky Mountain National Park in Colorado late September 19 after the blaze had
closed a portion of Trail Ridge Road. The Onahu fire — north of Grand Lake — started
in grass along Trail Ridge Road September 19, a RMNP spokesman said. The blaze
posed no threat to campgrounds, structures or visitors. Trail Ridge Road was reopened
about noon September 19 to one-lane traffic with an escort. Park officials were
considering increasing fire restrictions, which are now at Level 1, the level set
throughout the year. The current restrictions allow fires only in developed
campgrounds and picnic sites designated for campfires and in some backcountry sites
where there are fire rings.
Source: http://www.denverpost.com/news/ci_16119843
59. September 18, KCRA 3 Sacramento – (California) Wildfires Burn In Eldorado
National Forest. Two active wildfires were burning in Eldorado National Forest in
Sacramento, California, September 18, officials said. The “Black Fire,” on the Ralston
Ridge area, had burned 10 acres while the “Point Fire” had burned 2 acres. Seven fire
engines and four helicopters were fighting the blazes, which were 0 percent contained.
No structures were destroyed and there were no injuries, but a power line and two
campgrounds were threatened. Officials expected a Pacific frontal system moving
across Northern California to possibly bring rain September 18 and 19. The causes of
the fires were under investigation.
Source: http://www.kcra.com/news/25069288/detail.html
60. September 18, Eureka Times-Standard – (California) Cleaning up the mess: U.S.
Forest Service picks up what marijuana growers leave behind. U.S. Forest Service
crews from the Lower Trinity Ranger District removed more than 10 cubic yards of
trash this week from six abandoned marijuana grow sites in remote areas of Six Rivers
National Forest near Willow Creek, California. According to a press release, it is a
common occurrence. A helicopter September 16 was used to transport large amounts of
trash, garden hoses, propane tanks, insecticides and other waste from old grow sites to
be disposed of properly. The use of herbicides, pesticides and poisons can cause
extensive, long-term damage to natural resources and impact public drinking water for
hundreds of miles, according to the release. Additionally, the operations can destroy
timber, vegetation and wildlife habitats, as well as divert needed water from
watersheds, streams and public drinking water supplies. With hunting season quickly
approaching, the forest service is warning that more members of the public may be
stumbling upon remote active or inactive marijuana growing operations in the forest.
Source: http://www.times-standard.com/localnews/ci_16110426
[Return to top]
- 23 -
Dams Sector
61. September 18, Associated Press – (District of Columbia) Work set to begin on
National Mall levee system. The U.S. Army Corps of Engineers has awarded a $4.6
million contract to improve a levee system that would help protect downtown
Washington D.C. and the National Mall from river flooding. Officials announced
September 17 that work will finally begin in October with completion in 2011. In 2008,
the Federal Emergency Management Agency (FEMA) issued new maps declaring
much of downtown Washington a flood zone. That could have led to stricter building
codes and insurance requirements. But FEMA rescinded those maps after D.C. officials
pledged to build an improved levee system by the end of 2009. Work will begin about 1
year late. It will tackle a major weakness in the levee at 17th Street on the mall with a
new removable barrier system to be used during a flood. The contract was awarded to
Hirani Engineering and Land Surveying of Jericho, New York.
Source: http://www.wtop.com/?nid=25&sid=2056244
62. September 17, American Rivers – (Oregon) It’s official: Removing Klamath Dams
saves money for power customers. On September 17, the Oregon Public Utility
Commission (OPUC) — the Oregon agency charged with protecting utility customers
— formally ruled, after months of investigation, that the proposed Klamath
Hydroelectric Settlement Agreement (KHSA) is indeed in the best interests of
PacifiCorp ratepayers as well as the cheapest alternative for the company. The basis of
the commission’s official finding is the significant cost savings of dam removal over
retrofitting and relicensing. The KHSA would lead to the removal of four dams on the
Klamath River in 2020, pending environmental reviews and approval by the Secretary
of Interior. The only other alternative is a much more expensive relicensing proceeding
through the Federal Energy Regulatory Commission, the federal agency which licenses
dams, which the commission found will likely cost PacifiCorp’s customers far more
money than dam removal.
Source: http://www.commondreams.org/newswire/2010/09/17-0
[Return to top]
- 24 -
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily
Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:
http://www.dhs.gov/iaipdailyreport
Contact Information
Content and Suggestions:
Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at 703-872-2267
Subscribe to the Distribution List:
Visit the DHS Daily Open Source Infrastructure Report and follow
instructions to Get e-mail updates when this information changes.
Removal from Distribution List:
Send mail to support@govdelivery.com.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at nicc@dhs.gov or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit
their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source
material.
- 25 -
Download