Homeland Security Current Nationwide Threat Level ELEVATED Daily Open Source Infrastructure Report for 21 September 2010 Significant Risk of Terrorist Attacks For information, click here: http://www.dhs.gov Top Stories According to the U.S. Department of Justice, a scientist and his wife, who both previously worked as contractors at the Los Alamos National Laboratory in New Mexico, have been indicted on charges of communicating classified nuclear weapons data to a person they believed to be a Venezuelan government official, and conspiring to participate in the development of an atomic weapon for Venezuela. (See item 12) National Public Radio reports that cooler temperatures and calmer and shifting winds have diminished the wildfire threat to 1,600 homes in Herriman, Utah. Several neighborhoods were evacuated September 19 after a wildfire erupted shortly after noon near a machinegun training range at Camp Williams, a vast military reservation used by the Army National Guard located about 30 miles south of Salt Lake City. (See item 38) Fast Jump Menu PRODUCTION INDUSTRIES • Energy • Chemical • Nuclear Reactors, Materials and Waste • Critical Manufacturing • Defense Industrial Base • Dams SUSTENANCE and HEALTH • Agriculture and Food • Water • Public Health and Healthcare SERVICE INDUSTRIES • Banking and Finance • Transportation • Postal and Shipping • Information Technology • Communications • Commercial Facilities FEDERAL and STATE • Government Facilities • Emergency Services • National Monuments and Icons Energy Sector Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES-ISAC) [http://www.esisac.com] -1- 1. September 20, KVVU 5 Las Vegas – (Nevada) Explosion rocks gas station, hurts businesses. An explosion at a gas station in North Las Vegas, Nevada, over the weekend not only means the station is a total loss, it’s hurting nearby businesses, too. The explosion created a huge fireball at the gas station near Craig Road and Interstate 15 late September 18 or early September 19. No one was hurt in the explosion, but it did tear the roof off the building and send the front door flying about 100 feet in the air, fire officials said. The JCW Petroleum Mini Mart had recently closed to business. But two employees working at a restaurant next door were present when the gas station blew up. “They actually felt the boom,” the owner of Viva Zapatas said. “They went out to the front of the restaurant and they were looking out the windows, and that’s when they saw a lot of fireballs shooting out of the building next door.” The fire started in the building and the gas pumps weren’t involved, firefighters said. The gas station was a total loss, suffering $100,000 worth of damage. Source: http://www.fox5vegas.com/news/25081189/detail.html 2. September 19, Los Angeles Times and Associated Press – (Louisiana) Blown-out BP well finally killed at bottom of Gulf of Mexico. The BP oil well in the Gulf of Mexico — source of the largest offshore oil spill in U.S. history — has been permanently killed, a top federal official announced September 19. The federal spill response chief said pressure tests confirmed that BP’s effort to intersect the well 50 miles off of the coast of Louisiana and plug it with cement nearly 18,000 feet below the ocean surface had proved successful. “With this development, which has been confirmed by the Department of the Interior’s Bureau of Ocean Energy Management, we can finally announce that the Macondo 252 well is effectively dead,” the federal spill response chief said in a statement. “Additional regulatory steps will be undertaken, but we can now state, definitively, that the Macondo well poses no continuing threat to the Gulf of Mexico.” Source: http://latimesblogs.latimes.com/greenspace/2010/09/blown-out-bp-well-finallykilled-at-bottom-of-gulf-of-mexico.html 3. September 18, Farmington Daily Times – (New Mexico) San Juan County authorities practice mock disasters. New Mexico area law enforcement agencies responded to a mock explosion on a pipeline on County Road 4990, and a mock mass shooting at ConocoPhillips on U.S. 64 September 18 during an emergency training event intended to practice for real disasters. The annual training event, hosted by an oil and natural gas company and authorities throughout San Juan County, allows officials from police, firefighters, paramedics and the New Mexico National Guard the opportunity to practice working together, the San Juan County emergency manager said. The purpose is to not only determine areas that need improvement, but also to practice in the event a local, domestic terrorist attack occurred, he said. Source: http://www.daily-times.com/ci_16115450 4. September 18, Intelligencer and Wheeling News Register – (West Virginia) Gas well training begins for responders. With new gas wells being drilled throughout the United States at an increasing rate, the chances of an emergency situation is also increasing. Following the gas well explosion on Beam’s Lane in Moundsville, West -2- Virginia in June, and a second incident off U.S. 250 near Cameron, West Virginia in July that required the evacuation of residents near the well, the Marshall County emergency management director saw the immediate need for training of first responders. As a result, the first in a series of gas well emergency training classes took place September 18 at the Limestone Volunteer Fire Department. Some 44 participants, including representatives of all the Marshall County volunteer fire departments, search and rescue teams, emergency management and industry personnel attended. Source: http://www.news-register.net/page/content.detail/id/541942.html?nav=515 5. September 17, Beckley Register-Herald – (West Virginia) Man suffers burns after alleged copper theft attempt. A man suffered serious burns September 16 behind the locked gate of an Appalachian Power Co. substation in Raleigh County, West Virginia officials said. Firefighters said they found a man on his knees inside the substation on Pemberton Road in Coal City with copper surrounding him. When asked if the man was attempting to steal copper, the Coal City fire chief said, “If I had to take an educated guess, I would say yes. He was behind a locked gate with tools suggesting that is what he was doing.” Coal City VFD safety officer, the first firefighter to arrive at the scene shortly after 2 p.m., said the man had third-degree burns from the waist up and a hole in his left leg where it is believed the electrical current exited his body. The man was in critical condition. As a result of the incident, more than 600 APCO customers lost power. As of 8 p.m. September 16, power had been restored to more than 430 customers, with the remaining outages expected to be restored later that night. Source: http://www.register-herald.com/todaysfrontpage/x721418749/Man-suffersburns-after-alleged-copper-theft-attempt [Return to top] Chemical Industry Sector 6. September 17, TheMonitor.com – (Texas) Demolition workers spark Donna chemical fire. Demolition workers accidentally started a fire at an old chemical manufacturing plant in Donna, Texas, September 17. The facility is used to manufacture napthalene, a chemical used for dry cleaning solutions, a Mid-Valley emergency coordinator said. The workers, contracted by the City of Donna, were demolishing the building when the chemicals inside caught fire. “Fortunately there was no explosion,” he said. “It was a highly voliatile chemical. The Donna Fire Department was able to put it out very quickly using foam.” Officials feared the foam and water used to extinguish the fire would mix with floodwaters and cause further flooding. A company was hired to clean up the portion of the facility that was damaged and contaminated by the fire. That company was able to contain the water before it posed a problem for the city. The emergency coordinator expected the clean-up to be finished by September 18 or 19 if heavy rain does not deter the efforts. The Texas Commission on Environmental Quality was called in to handle the investigation. Source: http://www.themonitor.com/articles/workers-42863-chemical-demolition.html For another story, see item 27 -3- [Return to top] Nuclear Reactors, Materials and Waste Sector 7. September 20, Patriot News – (Pennsylvania) TMI shuts down because of generator problem. Three Mile Island Unit 1 in Londonderry Township, Pennsylvania went off line at 11:25 p.m. September 20 when the plant’s turbine generator shut down, a spokesman for plant owner Exelon reported. Plant technical experts are working to determine the cause, he said. When the plant shut down, steam was released that people nearby may have heard, the spokesman said, but there was no health threat. Electricity customers are not affected by the plant being offline, he said. Source: http://www.pennlive.com/midstate/index.ssf/2010/09/tmi_shuts_down_because_of_gen e.html 8. September 19, Poughkeepsie Journal – (New York) Concerns remain after nuke plant shutdown. With both reactors shut down at Indian Point in the same week that the federal government tested emergency evacuation plans, safety issues at the nuclear plant in Buchanan, New York dominated regional news reports. The plant is back at full power and the September 17 report card on disaster preparedness came back with a passing grade — but concerns linger. “You’re not talking about a toy factory, this is a nuclear plant,” said a Yorktown Heights resident. “I know they do some good things, and obviously we need the power. But if you have a problem with a nuclear plant, the potential risk is astronomical.” That seems to be the issue that won’t go away — the question of how bad things could get if there were a real emergency at the site. Officials from plant owner Entergy Nuclear point to the industry’s safety record versus coal mining, natural gas, petroleum and other forms of electricity generation. Source: http://www.poughkeepsiejournal.com/article/20100919/NEWS01/9190375/Concernsremain-after-nuke-plant-shutdown [Return to top] Critical Manufacturing Sector 9. September 18, WVLT 8 Knoxville – (Tennessee) Inspectors search for cause of Alcoa plant fire. It took fire crews nearly 2 hours to fully put out a fire at the Alcoa plant in Blount County, Tennessee. Officials with the company said that the fire originated in the “Hot Mill” area of the North Plant just before 1:30 p.m. September 18. All workers were evacuated safely. Flames from the blaze quickly spread to the rafters. At least six units from the City of Alcoa and Blount County Fire Departments were dispatched to the plant around 1:45 p.m. They arrived minutes later, at which point smoke could be seen coming from the facility for several miles. The fire and hot spots were extinguished just before 4 p.m. Company inspectors almost immediately went to work trying to determine the cause of the fire and how much damage it caused to the facility. -4- The North Plant is officially known as the Rigid Packaging Plant and is used to produce aluminum for beverage cans. Alcoa is the world’s third largest producer of aluminum, and its products are used worldwide in aircraft, automobiles, oil and gas, building and construction, and industrial applications. Source: http://www.volunteertv.com/news/headlines/103204294.html 10. September 17, WTHR 13 Indianapolis – (Indiana) Allison transmission plant evacuated. The Allison Transmission plant in Indianapolis, Indiana was evacuated September 17 due to a fire. The fire and subsequent power outage caused a wastewater containment system to release wastewater, which contains some lubricating oils and coolant, onto the parking areas at the plant. The fire was caused by a broken water pipe, which sprayed onto a 4100-volt power supply. The resulting power outage caused the wastewater containment system to stop working, resulting in a release of wastewater onto the plant’s parking areas. The fire department said the spill containment procedures put in place by Allison have contained the wastewater on property and as a result, no ecological damage is expected from this incident. No injuries were reported due to the fire or release. The wastewater contains cooling tower water and process water used within the plant. It is mostly water, with some lubricating oils and coolants mixed in. Allison’s Transmission is currently working with the fire department and Marion County Health to prevent any further damage or incidents. Source: http://www.wthr.com/story/13172874/allison-transmission-plantevacuated?redirected=true [Return to top] Defense Industrial Base Sector 11. September 19, Huntsville Times – (National) Huntsville company putting digital ‘backbone’ in Army armored vehicles. A Huntsville, Alabama company is helping put some badly needed “digital backbone” into the Mine Resistant Ambush Protected (MRAP) ground vehicle essential to troops in Afghanistan, Iraq and elsewhere. MRAPs were hurriedly developed by different manufacturers to replace the lighter Humveetype vehicles that were more vulnerable to improvised explosive devices and other weapons. Since the MRAPs were fielded quickly to protect troops, little provision was made for C4ISR electronics — Command, Control, Communications and Computer, Intelligence, Surveillance and Reconnaissance. The Army needed a “digital backbone” kit that could handle all the high-tech gear and be quickly installed in the theater of operations. Six companies produce the components for the digital backbone kit, which includes “smart” flat-panel displays from General Dynamics of Canada and a sophisticated video and data-distribution hub, called OmniScape, made by DRS Test and Energy Management in Huntsville. Source: http://blog.al.com/huntsville-times-business/2010/09/post_14.html 12. September 17, U.S. Department of Justice – (New Mexico) Former workers at Los Alamos charged with transmitting classified nuclear weapons data. The Justice Department (DOJ) September 17 announced that a scientist and his wife, who both -5- previously worked as contractors at the Los Alamos National Laboratory (LANL) in New Mexico, have been indicted on charges of communicating classified nuclear weapons data to a person they believed to be a Venezuelan government official, and conspiring to participate in the development of an atomic weapon for Venezuela, among other violations. Both defendants were arrested by FBI agents September 17. If convicted of all the charges in the indictment, the defendants face a potential sentence of life in prison. The indictment does not allege that the government of Venezuela or anyone acting on its behalf sought or was passed any classified information, nor does it charge any Venezuelan government officials or anyone acting on their behalf with wrongdoing. Further, the indictment does not charge any individuals currently working at LANL with wrongdoing. According to the indictment, one of the defendants had a series of conversations in March 2008 with an undercover FBI agent posing as a Venezuelan government official. During these conversations, he discussed his program for developing nuclear weapons for Venezuela. Among other things, the suspect allegedly said he could help Venezuela develop a nuclear bomb within 10 years and that, under his program, Venezuela would use a secret, underground nuclear reactor to produce and enrich plutonium, and an open, above-ground reactor to produce nuclear energy. Source: http://www.justice.gov/opa/pr/2010/September/10-nsd-1044.html 13. September 17, WSMV 4 Nashville – (Tennessee) Flare plant to partially reopen after explosion. A manufacturing facility that makes flares for the U.S. military is set to partially reopen September 20 after three workers were severely burned in an explosion there. The Jackson Sun reports Kilgore Flares in Toone, Tennesee will resume operations in sections of the plant that don’t use processes that may have caused the September 14 fire. Three employees were burned on at least half their bodies. They were still hospitalized in Memphis. Kilgore officials said the three put together magnesium- and Teflon-coated parts, caps and other pieces for countermeasure decoy flares used to protect Air Force F16s from heat-seeking missiles. Source: http://www.wsmv.com/news/25054629/detail.html [Return to top] Banking and Finance Sector 14. September 20, LoanSafe.org – (New Jersey) Former Chase employee charged in $1.8 Million bank fraud scheme. An indictment was unsealed September 20 against a suspect accused of charging a multi-year bank fraud scheme that netted him over $1.8 million between the summer of 2005 and the summer of 2009, an U.S. attorney announced. The suspect was also charged with engaging in transactions over $10,000 with the proceeds of the fraud. The 22-count indictment charges that the suspect, while an employee of JPMorgan Chase Services, manipulated the firm’s internal books and records and caused the bank to wire transfer to his account, to accounts of his family, and to accounts in which his life partner had right, title, interest or control. The indictment claims that among the wire transfers of funds was one in 2005 for over $499,500, one in 2008 for $583,444.99, and one in 2009 for another $583,444.99. If -6- convicted, he faces a statutory maximum possible sentence of 240 years in prison, a fine of $6.25 million, $2,200 in special assessments, and up to 5 years’ supervised release. Source: http://www.loansafe.org/former-chase-employee-charged-in-1-8-million-bankfraud-scheme 15. September 19, WLS 7 Chicago – (Illinois) Hundreds fall victim to ID theft scam. More victims have come forward regarding a case of debit card fraud in Wheeling, Illinois. Hundreds of people lost thousands of dollars, and Chicago police were offering up tips to help protect against scam artists. The story is the same in all the cases: residents used their debit cards at a local business and then noticed large ATM withdrawals from their bank accounts. Consumers in Wheeling and Buffalo Grove were targeted. Police said they are not sure who is responsible for the illegal activity but said all the victims used their debit cards at a local business. Batavia-based national grocery store chain Aldi issued a statement September 17 acknowledging they were recently notified that the security of a limited number of debit card terminals at some stores may have been compromised, and they have removed terminals that may have been affected. The FBI is investigating. Source: http://abclocal.go.com/wls/story?section=news/local&id=7676756 16. September 18, Bank Info Security – (National) 6 Banks closed on Sept. 17. Federal and state banking regulators closed six banks September 17. These failures raise the total number of failed institutions to 140 so far in 2010. ISN Bank, Cherry Hill, New Jersey, was closed by the New Jersey Department of Banking and Insurance, which appointed the Federal Deposit Insurance Corp. (FDIC) as receiver. The FDIC entered into a purchase and assumption agreement with New Century Bank (d.b.a., Customers Bank), Phoenixville, Pennsylvania, to assume all ISN deposits. The cost to the Depositors Insurance Fund (DIF) is estimated to be $23.9 million. The Bank of Ellijay, Ellijay, First Commerce Community Bank, Douglasville, and The Peoples Bank, Winder, were closed by the Georgia Department of Banking and Finance, which appointed FDIC as receiver. Community & Southern Bank, Carrollton, Georgia, acquired the banking operations of all three banks, including all deposits. The FDIC estimates the cost to DIF for Bank of Ellijay will be $55.2 million; for First Commerce Community Bank, $71.4 million; and for The Peoples Bank, $98.9 million. Bramble Savings Bank, Milford, Ohio, was closed by the Ohio Division of Financial Institutions, which appointed the FDIC as receiver. The FDIC entered into a purchase and assumption agreement with Foundation Bank, Cincinnati, to assume all deposits. The cost to DIF is estimated to be $14.6 million. Maritime Savings Bank, West Allis, Wisconsin, was closed by Office of Thrift Supervision, which appointed FDIC as receiver. The FDIC entered into a purchase and assumption agreement with North Shore Bank, FSB, Brookfield, Wisconsin, to assume all Maritime deposits. The cost to the DIF is estimated to be $83.6 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=2932 17. September 18, San Francisco Appeal – (California) Man sentenced in $1.3 million bank fraud scam. One man was sentenced to prison September 15 for participating in -7- a scheme with three others that defrauded banks of more than $1.3 million, according to the U.S. Justice Department. The 46-year-old, was ordered to serve 45 months in prison for depositing fraudulent checks from a credit line into bank accounts and then rapidly withdrawing the money from ATMs, a U.S. attorney said in a statement. All four defendants made plea agreements admitting to depositing the phony checks, making withdrawals, and then making purchases before the checks were returned unpaid. The statement said bank accounts became overdrawn by thousands of dollars, and sometimes tens of thousands of dollars. Source: http://sfappeal.com/news/2010/09/man-sentenced-in-13-million-bank-fraudscam.php 18. September 17, Associated Press – (California) San Francisco man charged in $25M Ponzi scheme. Federal prosecutors said a San Francisco man has been charged with defrauding investors of $25 million in a residential property Ponzi scheme. A U.S. attorney said the 31-year-old suspect allegedly persuaded at least 80 people to lend him money by promising high returns on their investments in properties he would purchase, renovate and resell. FBI investigators allege that instead, early investors were reimbursed with funds from later lenders, while the suspect used some of the proceeds for personal expenses and to invest in retail businesses. The suspect pleaded not guilty during his first court appearance September 17. Source: http://www.sfgate.com/cgibin/article.cgi?f=/n/a/2010/09/17/state/n154425D39.DTL 19. September 17, Krebs on Security – (International) SpyEye botnet’s bogus billing feature. Miscreants who control large groupings of hacked PCs or “botnets” are always looking for ways to better monetize their crime machines, and competition among rival bot developers is leading to devious innovations. The SpyEye botnet kit, for example, now not only allows botnet owners to automate the extraction of credit card and other financial data from infected systems, but it also can be configured to use those credentials to generate bogus sales at online stores set up by the botmaster. SpyEye is a software package that promises to make running a botnet a point-and-click exercise. A unique component of SpyEye is a feature called “billinghammer,” which automates the purchase of worthless or copycat software using credit card data stolen from victims of the botnet. The SpyEye author explained this feature in detail on several hacking forums where his kit is sold, even including a video that walks customers through the process of setting it up. Basically, the scam works like this: The botmaster acquires some freeware utility or legitimate program, renames it, claims it as his own and places it up for sale at one of several pre-selected software sales and distribution platforms, including ClickBank, FastSpring, eSellerate, SetSystems, or Shareit. The botmaster then logs in to his SpyEye control panel, feeds it a list of credit card numbers and corresponding cardholder data, after which SpyEye opens an Internet Explorer Window and — at user-defined intervals — and starts auto-filling the proper fields at the botmaster’s online store and making purchases. Source: http://krebsonsecurity.com/2010/09/spyeye-botnets-bogus-billing-feature/ -8- 20. September 17, KWTX 10 Waco – (Texas) FBI seeks public’s help in finding I-35 bandit. The FBI asked for the public’s help September 17 in locating the man dubbed the I-35 Bandit who’s robbed 15 Texas banks between Wichita Falls and San Antonio since January 2004. The most recent robbery occurred September 8 at the First State Bank Central Texas in Little River Academy during the height of flooding in the area caused by heavy rainfall from Tropical Storm Hermine. The robber used a small sedan as a getaway vehicle in all 15 of the robberies, and when he held up the bank in Little River, he was driving a 2011 model Hyundai Sonata that may have been a rental, the FBI said. It appears he has lost weight over the last 2 years, authorities said. The I-35 Bandit should be considered “armed and extremely dangerous,” the FBI said, because in each robbery he entered the bank with his handgun drawn and pointed it directly at tellers or customers. Source: http://www.kwtx.com/news/headlines/103163624.html?ref=624 21. September 17, U.S. Securities and Exchange Commission – (National) Lambros D. Ballas sanctioned. A suspect, of Huntington, New York, was barred from association with any broker or dealer by the U.S. Securities and Exchange Commission (SEC). The sanction was ordered in an administrative proceeding before an administrative law judge, following a court-ordered injunction against him. In July 2010, the suspect was enjoined from violating the antifraud provisions of the federal securities laws based on his involvement in a fraudulent scheme to manipulate stock prices of multiple publicly traded companies. He arranged for the distribution of phony press releases involving major public companies, such as Google, Microsoft, and Walt Disney, and then posed as an investor on Yahoo! Inc. Internet message boards providing links to the bogus releases he had created and disseminated. In the case of one company he touted, the suspect bought 5,000 shares of its stock before issuing a phony press release that caused the stock price to increase nearly 80 percent within a few hours of the fake release. During the time in which he engaged in this conduct, the suspect was a registered representative with a broker-dealer registered with the Commission. Source: http://www.sec.gov/news/digest/2010/dig091710.htm 22. September 16, Wired.com – (California) Man gets 6 years in prison for laundering $2.5 million for carders. A California man who helped funnel stolen cash to a global network of hackers and carders was sentenced September 16 to 6 years in prison for conspiracy to launder money.â ¨ The 38-year-old suspect, also known as “uBuyWeRush,” ran a legitimate business selling liquidation and overstock merchandise online and from three California stores. But, according to an indictment, he also sold MSR-206’s to carders to encode stolen bank card data onto blank cards, and he served as a conduit to transmit stolen money between mules and carders. He worked with many of the top carders in the criminal underground between 2003 and 2006, including a Ukrainian carder who allegedly worked with the TJX hacker and was considered by authorities to be one of the top sellers of stolen card data on the Internet. In 2003 and 2004, the suspect became an approved and trusted vendor on online criminal forums such as CarderPlanet and Shadowcrew, advertising his goods and services and dispensing advice on the best tools to use for various criminal endeavors. Source: http://www.wired.com/threatlevel/2010/09/ubuywerush/ -9- [Return to top] Transportation Sector 23. September 20, Reuters – (International) France warns of terror threat. France is on heightened alert for possible terrorist attacks after receiving a tip-off that a female suicide bomber was planning to attack the transport system, a police source said September 20. The interior minister said France was facing a real terrorism threat as it faces a backlash from al Qaeda militants in North Africa and fears grow of an attack from home-grown cells within its borders. A police source told Reuters the authorities had been alerted from Algeria that there was a possible threat from a female suicide bomber to the Paris metro system. Citing unidentified security sources, French radio station RTL reported earlier in the day that the authorities had been informed of the possible bomber September 15. A spokesman for the public prosecutor said an investigation to determine the truth of the information was under way. “On Salafist websites, close to al Qaeda, there have been more calls against France and communication has been intercepted from (al Qaeda’s) Abu Yahya al-Libi to AQIM to attack France as a priority,” a spokesman for the International Terrorism Observatory in Paris told Reuters Television. The head of France’s counter intelligence service has appeared in several interviews recently evoking the heightened alert. Source: http://www.reuters.com/article/idUSTRE68J3X120100920 24. September 18, Associated Press – (Texas) Charter bus hits Texas highway barrier, 18 injured. A charter bus struck a highway barrier after leaving Dallas, Texas September 18, injuring 18 people, including one seriously. The bus left Dallas and was headed to Oklahoma City when it crashed just after midnight near Sanger, Texas about 50 miles north of Dallas, said a spokesman for the Texas Department of Safety. The bus driver told authorities that a vehicle swerved in front of him and he took evasive action by pulling into the inside shoulder of the highway. The bus struck the concrete barrier and came to rest on the grassy median. It didn’t overturn, but five passengers were ejected through side windows. Eighteen of the 33 bus passengers were taken to three area hospitals with varying degrees of injuries, including one who was transported in serious condition. Source: http://www.cfnews13.com/article/news/ap/september/152257/Charter-bus-hitsTexas-highway-barrier-18-injured For more stories, see items 1 and 3 [Return to top] Postal and Shipping Sector 25. September 20, United Press International – (International) White powder sent to another embassy. White powder was found in an envelope at an embassy in Tel Aviv, Israel — this time at the Turkish Embassy — for the fourth time in 1 week, officials said. Israeli firefighter teams and units specializing in dangerous substances were sent - 10 - to the site. No injuries were reported, Ynetnews.com said. Embassy staffers opening mail discovered the white powder inside an envelope, the Web site said. It was the fourth time within 1 week that rescue forces were dispatched to Tel Aviv after suspicious envelopes were sent to foreign embassies, the report said. Last week, envelopes containing white powder and threats to the state of Israel were sent to the American, Spanish and Swedish embassies, the report said. Source: http://www.upi.com/Top_News/World-News/2010/09/20/White-powder-sentto-another-embassy/UPI-17661284993138/ 26. September 17, Associated Press – (Missouri) Suspicious substance prompts lockdown. A letter containing an unknown substance prompted a brief lockdown at a Jefferson City building that houses a Missouri state agency. The letter was delivered yesterday to the Missouri Division of Professional Registration and Licensing. KRCGTV reported an employee had a skin reaction from opening the letter. A state department of public safety spokesman said preliminary tests indicated the substance was a prescription pain medication. The spokesman said police responded around 10:30 a.m., and the building returned to normal around 12:30 p.m. The office building is about 5 miles west of the state capitol. Source: http://www.columbiatribune.com/news/2010/sep/17/suspicious-substanceprompts-lockdown/ [Return to top] Agriculture and Food Sector 27. September 19, Occupational Health and Safety – (Washington) Fruit processing plant to pay $106,000 for failing to report ammonia release. Tree Top Inc. has agreed to pay a $21,000 Environmental Protection Agency (EPA) penalty and complete an $85,000 upgrade to its Selah, Washington, plant for failing to immediately report a release of ammonia at its fruit processing plant. In addition to the penalty, Tree Top will update its computer hardware and install an advanced ammonia detection system that will make future releases less likely. On July 10, 2009, Tree Top had an estimated 1,000-pound ammonia release at its fruit processing center, according to the EPA settlement. The company uses large quantities of anhydrous ammonia at the plant as a refrigerant. According to case documents, EPA alleges that Tree Top failed to immediately notify emergency response authorities after the ammonia release occurred, and also failed to submit the required reporting documents. The leak occurred when a high-pressure relief valve tripped and failed to reseat properly. Source: http://ohsonline.com/articles/2010/09/19/fruit-processing-plant-to-pay-106000for-failing-to-report-ammonia-release.aspx?admgarea=news 28. September 19, Associated Press – (National) May frosts hurt apple crop in New England. While apple growers in some states are enjoying an earlier-than-usual harvest, many in New England and upper Midwest are reeling from the effects of two hard frosts in May. The U.S. Department of Agriculture forecasts the apple crop in every New England state except Rhode Island will be down by almost 20 percent - 11 - compared to 2009. The owner of Windy Ridge Orchard in North Haverhill, New Hampshire, said he lost 80 percent of his apple crop — upwards of 5,000 bushels, forcing him to eliminate pick-your own for the season. A fruit specialist for the University of Massachusetts Extension Service said Massachusetts had pockets of loss, but nothing like Vermont, New Hampshire, and Maine. Michigan was also hit hard. The frosts hit after an unseasonably warm spring in which apple trees blossomed early, making them most vulnerable to the cold temperatures. Source: http://www.wcsh6.com/news/regional/story.aspx?storyid=128564&catid=46 29. September 18, Food Safety News – (National) Blocking E. coli before it moves in. Scientists at the U.S. Department of Agriculture (USDA) recently discovered key gene and chemical interactions that allow toxic Escherichia coli (commonly known as E. coli or O157:H7) bacteria to colonize in the guts of cattle. According to their research, the bovines not only host, but also can shed the deadly human pathogen. Many E. coli O157:H7 outbreaks have been associated with contaminated meat products and cross contamination of produce crops. Because the bacteria do not cause cattle to show clinical symptoms of illness, and due to other unknown variables, they can be hard to detect within the cattle as well as the environment. Researchers at the USDA Agricultural Research Service (ARS) and an animal scientist reported on how the E. coli bacteria are aware of a key chemical that plays a critical role in allowing the bacteria to colonize in cattle’s gastrointestinal tracts. The scientist and the ARS Food and Feed Safety Research Unit, based out of College Station, Texas, published the study in the Proceedings of the National Academy of Science. Source: http://www.foodsafetynews.com/2010/09/blocking-e-coli-before-it-moves-in/ 30. September 17, Harlingen Valley Morning Star – (Texas) Fire smolders for hours inside cotton baler. Firefighters worked for hours to control a fire that ignited inside a cotton baler near Harlingen, Texas, September 16, fighting the blaze into early September 17. A worker at the Valco chemical plant told officials he saw a cotton baler erupt into flames at the site after hearing a loud pop, Harlingen’s fire marshal said. The fire broke out sometime between 10 and 11 p.m. The fire department dispatched four engines, a rescue truck and an aerial ladder platform to contain the blaze before it spread to nearby equipment. “The fire was actually brought under control very quickly, but it’s tough to completely extinguish that cotton once it gets going,” he said. At one point, flames were 30 feet high. Firefighters were at the scene until about 2:30 a.m. September 17 because a large amount of cotton continued to smolder inside the baler. No one was injured. Source: http://www.brownsvilleherald.com/news/inside-116935-baler-smolders.html 31. September 17, Associated Press – (New York) 19-year-old pleads guilty in ‘Fight Club’ inspired explosion at New York City Starbucks. A 19-year-old pleaded guilty September 17 to an attempted arson at a New York City Starbucks coffee shop in a predawn blast that was inspired by the movie “Fight Club.” He also pleaded guilty to attempted criminal possession of a weapon in a deal that will send him to prison for 3 and 1/2 years when he is sentenced November 16. The suspect faced a minimum 15 years and maximum 25 years in prison had he been convicted by a jury of more serious - 12 - arson charges. The explosion near the Guggenheim museum on the Upper East Side on Memorial Day 2009 shattered windows at the Starbucks but caused no injuries. The man only said one word, “Yes,” when a Manhattan supreme court justice asked if he intentionally damaged the shop and knew there were people in the coffee shop who could have been harmed in the prank. Source: http://www.foxnews.com/us/2010/09/17/year-old-pleads-guilty-fight-clubinspired-explosion-new-york-city-starbucks/ [Return to top] Water Sector 32. September 20, Associated Press – (Iowa) Iowa town asked to conserve water after computer problem drains water tower. Residents of Glidden, Iowa are being asked to conserve water after a computer malfunction drained the town’s water tower. The Iowa Department of Natural Resources said the problem happened September 19. The agency said the malfunction was fixed that day, and by evening the tower was being filled. In the meantime, residents are asked to conserve water and to boil water for drinking or cooking because of the potential for bacterial contamination. The department said the advisory will be in effect until at least September 21. Once the tower is filled and water pressure is restored, the water will be tested to make sure it is safe. Source: http://www.wqad.com/news/sns-ap-ia--watertowerdrained,0,6607834.story 33. September 20, Tennessean – (Tennessee) No easy fix for leaky lagoon. Town leaders in Thompson’s Station, Tennessee, are shaping up a plan — and carefully scrutinizing costs — for repairs at the sewer treatment plant to satisfy a notice of violation issued by Tennessee. The town administrator said he expected the state’s letter after leaks to a lagoon at the 4-year-old plant were discovered weeks ago. Though the lagoon is not yet in use, the leaks still constitute a violation of the town’s permit through the Tennessee Department of Environment and Conservation (TDEC). A TDEC spokeswoman said the town has 30 days to submit a plan. The state’s notice outlines the concerns: several leaks in the lagoon’s liner and two areas where the ground appears to have collapsed underneath that cell. The town administrator said they must identify what caused the collapses before making repairs. The town got a quote of $31,000 to dig monitoring wells that would be used to help with that determination. But that’s more money than the town may have, he said, noting they are considering a budget amendment to earmark repair funds. The state also noted the town does not yet have the deed for the property that would be used as a drip field once the plant has reached a level that necessitates having to discharge treated effluent. The plan was to use easements within the Tollgate, Canterbury and Bridgemore subdivision that fronted the construction cost for the plant in exchange for prepaid sewer connections. The town administrator said they are working on a drip field plan for the state’s approval. Source: http://www.tennessean.com/article/20100920/WILLIAMSON12/9200306/2044/No+ea sy+fix+for+leaky+lagoon - 13 - 34. September 20, Arizona Daily Star – (Arizona) City facing major new expense to treat water. Changing federal standards for a chemical left behind after the cleanup of TCE and TCA from south-side groundwater could force the city of Tuscon, Arizona, — and water customers — to spend millions of dollars on a new treatment plant. Removing trichloroethylene, or TCE, and trichloroethane, or TCA, from groundwater leaves behind a chemical called 1,4 dioxane, which was used to prevent the breakdown of TCA. Although the massive federal Superfund site on the south side is able to strip out the TCE and TCA, the 1,4 dioxane does not evaporate and stays in the water. To get under the current federal standards of 3 parts per billion (ppb) for 1,4 dioxane in drinking water, Tucson Water mixes the treated water from the south side with other water not contaminated by the chemical, lowering the level in Tucson’s Water supply to 1.15 ppb, the Tucson water director said. But Tucson Water was notified 2 weeks ago that new federal drinking water standards will likely be issued in the wake of a new Environmental Protection Agency risk assessment for 1,4 dioxane showing the cancer potency factor of the chemical is nine times higher than the agency previously thought. How low the new standard could fall hasn’t been identified, but the director said it is likely to be below the level that Tucson Water now achieves. He also noted that, as differing degrees of contaminated water move through the treatment plant, there is no guarantee the city can continue to hit the 1.15 ppb standard it now achieves. Because word of the likely change is so new, city officials have no estimate on how much the plant will cost — beyond that it will be in the millions — or exactly when it will be required. Source: http://azstarnet.com/news/local/govt-and-politics/article_33365df2-7adb-5252aff3-1cca4806ad01.html 35. September 17, WTXF 29 Philadelphia – (Pennsylvania) Local counties put on drought warnings. The Pennsylvania Department of Environmental Protection (DEP) has put Philadelphia, Lehigh, Bucks and Montgomery counties under a drought warning. All citizens and businesses are being told to reduce water use by 15 percent as a voluntary measure as of September 17. If the situation does not approve, the DEP could issue a drought emergency. The state has not issued an emergency since 2002. Under those conditions, there would be a mandatory 15 percent cut back on water use enforceable by law. The DEP secretary said a hot, dry summer has led to steadily declining ground and surface water levels. He said, “Pennsylvania’s Drought Task Force has concurred with DEP’s recommendation that drought watches and warnings be issued for all 67 counties to alert water suppliers, industry and the public of the need to begin conserving water.” Bucks County has been hit particularly hard. The precipitation deficit over the past 90-day period is 5.5 inches below normal in Bucks County. Source: http://www.myfoxphilly.com/dpp/news/local_news/091710-local-counties-puton-drought-warnings For more stories, see items 10, 51, and 60 [Return to top] - 14 - Public Health and Healthcare Sector 36. September 18, San Jose Mercury News – (California) Area hospitals expect to learn from response to Calif. gas pipeline explosion. Area hospitals were able to ramp up quickly and handle the dozens of injured flooding in from the gas pipeline explosion and fire in San Bruno, California., but officials hope to use the experience to better prepare for the next major disaster. Many of the wounded were able to drive themselves to the emergency room and have since been treated and released, though four others with severe injuries remained September 17 at the St. Francis Memorial Hospital Burn Center in San Francisco. Source: http://www.kentucky.com/2010/09/18/1441129/area-hospitals-expect-tolearn.html 37. September 18, The Tennessean – (Tennessee) MTMC exercises delayed by bomb hoax. Secondhand information about a bomb threat at the new Middle Tennessee Medical Center, located in tennessee September 17 disrupted tours of the facility, employee training exercises and other preparations that were under way for the hospital’s Oct. 2 grand opening. Murfreesboro Police and the Tennessee Highway Patrol’s bomb squad, after an almost four-hour sweep of the building, determined there was no explosive device in the hospital’s new facility located on Medical Center Parkway near Interstate 24. After the all-clear was given, police attention quickly turned back to the person responsible for making the call. Source: http://www.tennessean.com/article/D4/20100918/NEWS01/9180309/MTMC+exercises +delayed+by+bomb+hoax [Return to top] Government Facilities Sector 38. September 20, National Public Radio – (Utah) Threat eases from ‘Machine Gun’ wildfire in Utah. Cooler temperatures and calmer and shifting winds have diminished the wildfire threat to 1,600 homes in Herriman, Utah. But fire and police officials continued to keep about 5,000 people out of their homes. Several neighborhoods were evacuated September 19 after a wildfire erupted shortly after noon near a machine-gun training range at Camp Williams, a vast military reservation used by the Army National Guard located about 30 miles south of Salt Lake City. The “Machine Gun” fire was sparked by a stray bullet that likely ricocheted off a rock and into dry brush, said the National Guard commander in Utah. Military firefighters attacked the relatively small blaze and believed it was out, he said. But the region was under a National Weather Service “Red Flag” warning for hot and dry conditions conducive to wildfire and when wind gusts picked up 3 hours later, the blaze flared up from 300 to 3,500 acres, and raced out of control. “It’s the biggest [fire] I’ve seen here,” the National Guard commander said. Training has triggered wildfires in the past, and the National Guard has protocols for conducting training when wildfire is possible. State and county officials promised an investigation. More than 120 National Guard soldiers were - 15 - activated to assist police and firefighters. Source: http://minnesota.publicradio.org/features/npr.php?id=129986485 39. September 20, Salida Mountain Mail – (Colorado) Firearm report spurs school evacuation. The report of a person with a firearm spurred evacuation of Buena Vista Middle School in Buena Vista, Colorado about 7:15 p.m. September 17, and a fullscale, multi-agency response by law enforcement. Information from the Buena Vista Police Chief said the initial 911 call reported that juvenile witnesses saw the person in the area with a firearm. A number of students and faculty members were in the middle school attending a movie night. In addition, the Buena Vista cross country team would be returning to the school after a meet. Officers from Buena Vista Police Department and Chaffee County Sheriff’s Deputies responded, placing the school under “lockdown,” the police chief reported. He said students and staff members were evacuated to the Sangre De Christo Electric building on north U.S. 24 where parents could pick up their children. After a short time, the police chief reported officers identified a juvenile suspect who turned over a black Airsoft brand handgun designed to shoot plastic pellets. Source: http://www.themountainmail.com/main.asp?SectionID=4&SubSectionID=4&ArticleID =20315 40. September 20, Times Beacon Record – (New York) SBU dorm evacuated. On September 19, an “unknown irritant” caused Hand College, a dormitory on the campus of Stony Brook University (SBU), in Stony Brook, New York, to be evacuated and decomtaminated. The substance caused several students to suffer eye and throat irritation and led to the deployment of haz-mat trailers from Brookhaven Town and Suffolk County. According to a statement from SBU, “A total of 20 students who were on or in the immediate vicinity of the third floor were decontaminated as a precaution. Of these students, a total of four were transported (treated and discharged) to University Medical Center with minor irritation complaints.” Source: http://www.northshoreoflongisland.com/Articles-i-2010-09-16-85371.112114sub_SBU_dorm_evacuated.html 41. September 17, Enid News & Eagle – (Oklahoma) Explosive detector dog alerts on truck at Vance AFB. A military explosive detector dog alerted to a commercial vehicle attempting to enter the Baker, or industrial, gate at Vance Air Force Base near Enid, Oklahoma September 17. Vance emergency personnel and an explosive ordinance team from McConnell AFB, Kansas, have responded to protect the public and assess the threat, according to a release from Vance’s public affairs office. The Baker gate has been closed and will remain so until further notice. Source: http://enidnews.com/localnews/x213894377/BREAKING-Explosive-detectordog-alerts-on-truck-at-Vance-AFB 42. September 17, FoxNews – (New York) U.N. ignores risks of terror attack, New York City says. As the United Nations (U.N.) hosts scores of world leaders at its annual General Assembly this month — and a special summit called by the Secretary General - 16 - for September 20 — behind-the-scene tensions are high between the world organization and New York City, which has repeatedly warned that the U.N. complex on Manhattan’s East side is dangerously exposed to potential terrorist attacks. Top city officials, including the mayor and police commissioner, feel frustrated that after years of negotiations and a $1.8 billion U.N. facelift that is now under way, the U.N. is ignoring blunt and dire warnings about the risks faced at the 17-acre complex. “The city is not satisfied with the U.N.’s response to date,” declared a mayoral spokesman. “The U.N. has not adopted the city’s security recommendations for the headquarters campus.” The city’s concerns are major. In some places at the periphery of the U.N. complex, little more than a wheel-barrow full of high explosives could have a disastrous effect. In others, a truck-bomber could drive within a few yards of the complex before setting off a blast that could be as devastating as the 1995 Oklahoma City, Oklahoma bombing at the Alfred P. Murrah Federal Building. Source: http://www.foxnews.com/world/2010/09/16/exclusive-ignores-risks-terrorattack-new-york-city-says/?test=latestnews 43. September 16, Alexandria Daily Town Talk – (Louisiana) City website’s hacked link fixed. A link on the city of Alexandria’s (Louisiana) Web site that had been compromised by a hacker now has been fixed. A hacker, known as S3nleVeyaSensiz and describing himself as a “Turkish Attacker,” had posted a profane message as well as a hooded image wearing a Turkish flag on the city’s Web site last week. The site page now contains two links from a February meeting on the city’s planned Sugarhouse Road extension project. Source: http://www.thetowntalk.com/article/20100916/NEWS01/9160317 For more stories, see items 12, 25, and 26 [Return to top] Emergency Services Sector See items 3 and 4 [Return to top] Information Technology Sector 44. September 20, Computerworld – (International) Adobe moves up Flash fix, will patch bug today. Adobe has accelerated the delivery of a patch for a critical vulnerability in Flash and will ship the fix September 20, rather than next week as originally scheduled. Chrome users, however, got the patch September 17, one of the benefits of an April Google-Adobe deal. The bug, which Adobe acknowledged September 13, can be used by attackers to commandeer machines running the popular media player. According to the US-CERT (United States Computer Emergency Readiness Team) hackers can exploit the vulnerability by enticing users to a malicious Web site, or by getting them to open rigged PDF or Microsoft Word documents. Adobe last week called the ongoing - 17 - attacks “targeted” and “limited,” and aimed only at Windows users. Security vendors have also unearthed in-the-wild threats leveraging the Flash bug. Source: http://www.computerworld.com/s/article/9186638/Adobe_moves_up_Flash_fix_will_p atch_bug_today 45. September 20, The H Security – (International) Workaround for ASP.NET server’s encryption vulnerability. In a security advisory, Microsoft has confirmed the vulnerability in the process used by ASP.NET applications to encrypt cookies and other session information. In the announcement for the security advisory, Microsoft said it was not, so far, aware of any attacks. However, the security group encouraged users to “review the advisory for mitigations and workarounds.” A blog entry describes how to implement the workarounds and offers a script to help administrators determine whether their ASP.NET applications are vulnerable. The cause of the problem was highlighted last week by two security researchers who established that there was an issue with how the ASP.NET framework encrypted data. Usually, this uses the Advanced Encryption Standard (AES) in Cipher Block Chaining mode (CBC), but this mode is vulnerable to what are called Padding Oracle Attacks PDF which can allow encrypted data, such as cookies, to be decrypted without the key. Source: http://www.h-online.com/security/news/item/Workaround-for-ASP-NETserver-s-encryption-vulnerability-1081837.html 46. September 20, Government Computer News – (International) Apple’s Ping social networking site quickly hit by spammers. Less than 1 week after introducing its new music-oriented social networking site September 1, Apple had to begin scrubbing Ping clean of spammers and scammers who almost immediately began infiltrating the network. Ping was launched as a feature of Apple’s new iTunes 10 music mart. “With Ping, you can follow your favorite artists and friends and join a worldwide conversation with music’s most passionate fans,” Apple’s CEO said in an announcement. He probably was not expecting that within hours, fans also would be swamped with offers for free iPhones, iPads, iPods and other iGoodies from Web site ads, and survey offers in the comments sections of posts on popular artists. “This development does not come as a surprise,” said the vice president of technology strategy at M86 Security. “Ping is a social network and ... cyber criminals have been targeting social networks for quite some time.” The two grand dames of social networking, Twitter and Facebook, have long been spam vectors. But Ping’s online filters were focused more on obscenity and copyright violations than possible spammers. Source: http://gcn.com/articles/2010/09/20/cybereye-box-apple-ping-spammers.aspx 47. September 20, The Register – (International) 4chan launches DDoS against entertainment industry. Members of 4chan launched a series of distributed denial of service attacks (DDoS) against Web sites maintained by the Motion Pictures Association of America and Recording Industry Association of America over the weekend, protesting actions taken against torrent tracker Web site the Pirate Bay. “Operation: Payback Is A [expletive]” began as an attack against Aiplex — an Indian - 18 - firm that carries out DDoS attacks on Web sites hosting BitTorrent trackers that fail to respond to takedown notices — before progressing onto other entertainment industry Web sites. Packet floods knocked entertainment Web sites offline intermittently throughout the weekend. The attacks were initially coordinated via an Internet Relay Chat channel, which has since been taken offline. Participants in the attacks are invited to download one of two attack tools. It is unclear whether or not participants in the attack are using zombie networks of compromised PCs. Source: http://www.theregister.co.uk/2010/09/20/4chan_ddos_mpaa_riaa/ 48. September 18, Softpedia – (International) Sites hosted at Go Daddy hit by mass injection attack again. Researchers from Sucuri Security, a company running a Web integrity monitoring service, warn that a number of Web sites hosted at Go Daddy have had malicious code injected into their pages. All infected sites had base64-encoded JavaScript added to all of their PHP files. The rogue scripting decodes to a element, which loads content from a third-party domain. The external code redirects visitors to a scareware distribution Web site, which mimics an antivirus scan and displays fake warnings about infections on their computers. The goal of the scam is to trick users to buy licenses for a useless application, which claims to be able to clean malware, that wasn’t even there to begin with. The company provides a generic Web site clean-up script, which according to some comments worked for removing this latest infection. However, those amongst the affected Web site owners should check first with Go Daddy, as they might already have a solution for this attack. Source: http://news.softpedia.com/news/Sites-Hosted-at-Go-Daddy-Hit-by-MassInjection-Attack-Again-156997.shtml 49. September 17, DarkReading – (International) Forrester pushes ‘zero trust’ model for security. Trust no one, not even end users: That’s the underlying theme of a new security model proposed by Forrester Research called “Zero Trust,” which calls for enterprises to inspect all network traffic, from the outside and on the inside. A senior analyst with Forrester said the current trust model in security is broken and the only way to fix it is to get rid of the idea of the trusted internal network and the untrusted external network. Instead consider all network traffic untrusted, he said. “Times have changed. You can’t think about trusted and untrusted users” anymore, said the analyst, who gave more details on the model at Forrester’s Security Forum in Boston, Massachusetts. The wave of damaging insider-borne breaches during the past few years illustrates the importance of being able to see everything going on in the network, he said. Zero Trust means inspecting all traffic in real time, and a new category of products called network analysis and visibility, which combines several niche tools — such as forensics, packet capture, meta data analysis, and network discovery flow analysis — such that they provide visibility and analysis of traffic and do not disrupt business processes. Source: http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleI D=227500145 - 19 - 50. September 17, The H Security – (International) Stuxnet also found at industrial plants in Germany. Siemens is reporting that industrial plants in Germany have also been hit by the Stuxnet worm. According to a spokesperson for Siemens, about one third of the 15 infections discovered at industrial plants worldwide have been found at sites in the German process industry sector. Siemens’ own plants are said not to be affected. Analyses by Siemens have confirmed that Stuxnet can, in theory, manipulate Programmable Logic Controllers (PLCs). However, the behavior has not been observed in the wild. According to the spokesperson, Stuxnet checks the configurations of infected WinCC or PC7 systems for existing data blocks. If it finds suitable blocks, it becomes active and modifies the controller code. If it doesn’t find any, it remains inactive. The worm seems to look for specific types of systems to manipulate. Siemens couldn’t provide details about which systems are or could be affected. The spokesperson said no system with an active worm has so far been observed. Automation system security specialists Langner Communications have released a more detailed analysis of how Stuxnet manipulates PLCs on its Web site. According to this analysis, the worm injects arbitrary code when transmitting blocks of code to the PLC. To compromise data transmissions, it diverts the data via a wrapper DLL before submitting it to the SIMATIC Device Operating System’s original s7otbxdx.dll library for processing. Source: http://www.h-online.com/security/news/item/Stuxnet-also-found-at-industrialplants-in-Germany-1081469.html Internet Alert Dashboard To report cyber infrastructure incidents or to request information, please contact US-CERT at sos@us-cert.gov or visit their Web site: http://www.us-cert.gov Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Web site: https://www.it-isac.org [Return to top] Communications Sector 51. September 20, Associated Press – (New Mexico) Water main break leads to Internet outage in Alq. A water main break has shut down Internet and phone service in portions of northwest Albuquerque, New Mexico. Qwest said almost 100 Albuquerque homes and businesses will be without service through September 21. The water main break at a Qwest office near 4th Street and Griegos Road is to blame. A Qwest spokesman said service should be fully restored by the morning of September 21 at the latest. Source: http://www.newswest9.com/Global/story.asp?S=13183405 52. September 18, Binghamton Press & Sun-Bulletin – (New York) Vestal crash takes out Time Warner cable, Internet. Thousands of Time Warner cable and Internet customers were without service for most of the day and night September 18 after a car crash downed a utility pole along Vestal Parkway near Binghamton University in - 20 - Vestal, New York. Two teenagers were unhurt in the accident, which took place at 11:26 a.m. The accident damaged a Time Warner Cable fiber optics line knocking out cable and Internet service to most neighborhoods west of the crash. Outages were reported in Vestal, Endicott, Endwell and the Town of Union. It is not known how many customers were affected and when their cable service would be restored. Customer service lines to Time Warner in Vestal were continuously busy throughout the day September 18. As many as 12 linemen from Time Warner remained on the scene throughout the day trying to repair the severed fiber optics line that supplies cable television and high-speed Internet services to thousands of customers in the Binghamton region. Source: http://www.pressconnects.com/article/20100918/NEWS01/100918002/1112/Vestalcrash-takes-out-Time-Warner-cable--Internet 53. September 17, United Press International – (International) Rogue satellite still ‘talking’. An uncontrollable satellite drifting in orbit did not shut itself down as predicted and is posing signal interference risk to other satellites, experts said. Intelsat’s Galaxy 15 communications satellite, dubbed the “zombie satellite,” lost contact with its controllers in April but is stuck “on” and continues to transmit signals as its operators on Earth work to avoid potential interference with other nearby spacecraft, SPACE.com reported September 17. Intelsat engineers had estimated that the satellite would lose power and shut itself off in late August, but that has not happened. Intelsat officials said there is no risk of it physically colliding with other spacecraft, so their team’s main focus is preventing Galaxy 15’s signals from interfering with neighboring satellites. The 4,171-pound satellite went rogue April 5 when it stopped responding to controllers on the ground but maintained an active payload, with its telecommunications transmitter still functioning. Several attempts to shut down Galaxy 15 have failed, leaving the defunct satellite stuck drifting in space and still “talking.” Source: http://www.spacemart.com/reports/Rogue_satellite_still_talking_999.html [Return to top] Commercial Facilities Sector 54. September 19, KMGH 7 Denver – (Colorado) Man arrested, bomb hoax forces Golden Hotel evacuation. A 19-year-old Golden, Colorado, man was arrested in connection with the suspicious device “resembling a bomb” that was found in a stairwell in the Golden Hotel September 19, forcing the evacuation of about 40 guests. However, the suspect was released pending a decision on whether to file charges by the Jefferson County District Attorney’s Office, police said. The Jefferson County sheriff’s bomb squad responded to the scene and deployed a robot at one point. The suspicious device was determined to be a hoax and was removed from the hotel. Guests were then allowed to go back into the hotel. Source: http://www.thedenverchannel.com/news/25077327/detail.html - 21 - 55. September 18, McDonough County Voice – (Illinois) Hotel evacuated after meth lab found. A Macomb, Illinois, hotel was evacuated September 16 after an anonymous tip led to the discovery of a methamphetamine lab in one of the rooms. A search warrant was obtained for the room, and officers discovered a “working” methamphetamine lab, which the Illinois State Police Methamphetamine Response Team (ISP-MRT) confirmed was active. Officers made contact with the room’s two occupants and then seized 86.4 grams of methamphetamine and 3.8 grams of heroin, both packaged for delivery; a .380 caliber handgun and ammunition; syringes, less than 2.5 grams of marijuana, digital scales, packaging material, and a spring-loaded stiletto knife. Officers placed the pair under arrest, secured the room and took two children, ages 1 and 3, who were in the room, into temporary protective custody. The motel was evacuated and the Macomb Fire Department stood by until the ISP-MRT removed the lab. Source: http://www.mcdonoughvoice.com/news/x1685470989/Hotel-evacuated-aftermeth-lab-found 56. September 18, San Diego Union-Tribune – (California) Copycat suicide: Toxic fumes in car. A man apparently killed himself with toxic fumes inside his car after posting warning signs in the windows September 18 in Carmel Mountain, California, in a copycat suicide of an incident in August, San Diego police said. Officers found the 46year-old Mira Mesa man’s body in his car, which was parked in the back corner of a strip mall parking lot on Carmel Mountain Road. Police evacuated the skate park as a precaution, cordoned off the parking lot, and called the San Diego Fire-Rescue Department and a hazardous materials crew. The man’s family called police about 3:30 p.m. to report that he had been missing since noon September 17, a police lieutenant said. His cell phone signal led officers to the strip mall about 5 p.m., where they found the car with hand-written warning signs taped to the windows. The man had used common household chemicals, which, combined, filled the car with toxic gas. Hazardous materials crews removed the items. On August 14, a man committed suicide by creating a lethal hydrogen sulfide gas from common chemicals in his car at Black Mountain Park in Rancho Penasquitos. The man put a sign in his dashboard that said, “Don’t open, Call hazmat or 911.” The police lieutenant said he did some research after the first incident and learned this method of suicide had become prevalent in Japan, and now has spread to several cases across the United States. Source: http://www.signonsandiego.com/news/2010/sep/18/copycat-suicide-toxicfumes-car/ 57. September 17, WTVF 5 Nashville – (Tennessee) Businesses evacuated during bomb scare in Hohenwald. Police said a man walked into a business in Hohenwald, Tennessee with a briefcase and said he had a bomb. The scare forced evacuations of 15 nearby businesses. Hohenwald police called Columbia’s bomb squad into action. They arrived with their robot and opened the briefcase, but found nothing but papers. The man with the briefcase was charged with resisting arrest, disturbing the peace and carrying a prohibited weapon. Source: http://www.newschannel5.com/Global/story.asp?S=13176190 - 22 - [Return to top] National Monuments and Icons Sector 58. September 20, Denver Post – (Colorado) Fire in Rocky Mountain National Park under control. Fire crews brought a 40-acre grass fire under control on the west side of Rocky Mountain National Park in Colorado late September 19 after the blaze had closed a portion of Trail Ridge Road. The Onahu fire — north of Grand Lake — started in grass along Trail Ridge Road September 19, a RMNP spokesman said. The blaze posed no threat to campgrounds, structures or visitors. Trail Ridge Road was reopened about noon September 19 to one-lane traffic with an escort. Park officials were considering increasing fire restrictions, which are now at Level 1, the level set throughout the year. The current restrictions allow fires only in developed campgrounds and picnic sites designated for campfires and in some backcountry sites where there are fire rings. Source: http://www.denverpost.com/news/ci_16119843 59. September 18, KCRA 3 Sacramento – (California) Wildfires Burn In Eldorado National Forest. Two active wildfires were burning in Eldorado National Forest in Sacramento, California, September 18, officials said. The “Black Fire,” on the Ralston Ridge area, had burned 10 acres while the “Point Fire” had burned 2 acres. Seven fire engines and four helicopters were fighting the blazes, which were 0 percent contained. No structures were destroyed and there were no injuries, but a power line and two campgrounds were threatened. Officials expected a Pacific frontal system moving across Northern California to possibly bring rain September 18 and 19. The causes of the fires were under investigation. Source: http://www.kcra.com/news/25069288/detail.html 60. September 18, Eureka Times-Standard – (California) Cleaning up the mess: U.S. Forest Service picks up what marijuana growers leave behind. U.S. Forest Service crews from the Lower Trinity Ranger District removed more than 10 cubic yards of trash this week from six abandoned marijuana grow sites in remote areas of Six Rivers National Forest near Willow Creek, California. According to a press release, it is a common occurrence. A helicopter September 16 was used to transport large amounts of trash, garden hoses, propane tanks, insecticides and other waste from old grow sites to be disposed of properly. The use of herbicides, pesticides and poisons can cause extensive, long-term damage to natural resources and impact public drinking water for hundreds of miles, according to the release. Additionally, the operations can destroy timber, vegetation and wildlife habitats, as well as divert needed water from watersheds, streams and public drinking water supplies. With hunting season quickly approaching, the forest service is warning that more members of the public may be stumbling upon remote active or inactive marijuana growing operations in the forest. Source: http://www.times-standard.com/localnews/ci_16110426 [Return to top] - 23 - Dams Sector 61. September 18, Associated Press – (District of Columbia) Work set to begin on National Mall levee system. The U.S. Army Corps of Engineers has awarded a $4.6 million contract to improve a levee system that would help protect downtown Washington D.C. and the National Mall from river flooding. Officials announced September 17 that work will finally begin in October with completion in 2011. In 2008, the Federal Emergency Management Agency (FEMA) issued new maps declaring much of downtown Washington a flood zone. That could have led to stricter building codes and insurance requirements. But FEMA rescinded those maps after D.C. officials pledged to build an improved levee system by the end of 2009. Work will begin about 1 year late. It will tackle a major weakness in the levee at 17th Street on the mall with a new removable barrier system to be used during a flood. The contract was awarded to Hirani Engineering and Land Surveying of Jericho, New York. Source: http://www.wtop.com/?nid=25&sid=2056244 62. September 17, American Rivers – (Oregon) It’s official: Removing Klamath Dams saves money for power customers. On September 17, the Oregon Public Utility Commission (OPUC) — the Oregon agency charged with protecting utility customers — formally ruled, after months of investigation, that the proposed Klamath Hydroelectric Settlement Agreement (KHSA) is indeed in the best interests of PacifiCorp ratepayers as well as the cheapest alternative for the company. The basis of the commission’s official finding is the significant cost savings of dam removal over retrofitting and relicensing. The KHSA would lead to the removal of four dams on the Klamath River in 2020, pending environmental reviews and approval by the Secretary of Interior. The only other alternative is a much more expensive relicensing proceeding through the Federal Energy Regulatory Commission, the federal agency which licenses dams, which the commission found will likely cost PacifiCorp’s customers far more money than dam removal. Source: http://www.commondreams.org/newswire/2010/09/17-0 [Return to top] - 24 - DHS Daily Open Source Infrastructure Report Contact Information About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/iaipdailyreport Contact Information Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at 703-872-2267 Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes. Removal from Distribution List: Send mail to support@govdelivery.com. Contact DHS To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201. To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov. Department of Homeland Security Disclaimer The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material. - 25 -