Homeland Security Daily Open Source Infrastructure

advertisement
Homeland
Security
Current Nationwide
Threat Level
ELEVATED
Daily Open Source Infrastructure
Report for 7 August 2009
Significant Risk of Terrorist Attacks
For information, click here:
http://www.dhs.gov
Top Stories

Minnesota Public Radio reports that several thousand turkeys at a large poultry producer in
central Minnesota’s Meeker County have been quarantined after routine testing discovered
a strain of avian flu. (See item 20)

According to the Associated Press, police in Springboro, Ohio closed city offices
Wednesday after police found a pipe bomb in a teen’s backpack in the police station. (See
item 32)
Fast Jump Menu
PRODUCTION INDUSTRIES
• Energy
• Chemical
• Nuclear Reactors, Materials and Waste
• Critical Manufacturing
• Defense Industrial Base
• Dams Sector
SUSTENANCE AND HEALTH
• Agriculture and Food
• Water Sector
• Public Health and Healthcare
SERVICE INDUSTRIES
• Banking and Finance
• Transportation
• Postal and Shipping
• Information and Technology
• Communications
• Commercial Facilities
FEDERAL AND STATE
• Government Facilities
• Emergency Services
• National Monuments and Icons
Energy Sector
Current Electricity Sector Threat Alert Levels: Physical: ELEVATED,
Cyber: ELEVATED
Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES-ISAC) [http://www.esisac.com]
1. August 6, Automation World – (National) Cyber security—a must for the grid. Like
many electric plants, the Grant County Utility District (GCUD) in Ephrata, Washington
needed to bring its cyber security into compliance with standards developed by the
North American Electric Reliability Corp. (NERC), of Princeton, New Jersey. The
NERC Critical Infrastructure Protection (CIP) standards will soon become required for
electric grids. GCUD engineers turned to a consultant and automation vendors for
-1-
direction. “We have a consultant to help with CIP, and the consultant wrote a lot of our
procedures and guidelines to meet the requirements,” says a systems engineer for hydro
power plants at GCUD. “We also created an internal group of about 20 of us.” In past
years, plants have not worried about cyber security because they did not connect to the
outside world. New data systems have changed that for most plants. “Our systems are
fairly isolated from the outside world, even from corporate systems. We limit access,”
says the engineer. Even so, software and devices share data, and where data is shared,
there is always the possibility of a breach. The cyber security implementation was
prompted by NERC’s assessment program. Cyber security has become a major issue
with electric plants. NERC has launched a number of programs designed to protect the
electric grid from Internet-based attacks. Any connection that goes outside the plant—
whether it is Internet connectivity or dedicated connections to corporate offices—
leaves the plant vulnerable to cyber attack. Prompted by new NERC standards, plants
are adding or beefing up cyber security. Often, vendors that are familiar with NERC
programs implement and run the security programs. Electric plants have traditionally
been isolated from the outside world. But electric plants are now using automation
systems that provide data for corporate offices and allow remote monitoring. That
means virtually all electric plants are now connected to the outside world. Some plant
operators believe they are still isolated, but that is not the case, even if they are only
sending production data to their own corporate offices.
Source: http://www.automationworld.com/feature-5824
2. August 5, WEWS 5 Cleveland – (Ohio) Explosion knocks out power for
thousands. Firefighters battled a blaze at a CEI substation in Willoughby, Ohio
overnight. The flames were sparked by a transformer explosion. Power was knocked
out for about 11,000 customers in Willoughby and Eastlake. All power was restored by
6 a.m. on August 5. The fire could be seen for miles and flames at one point were 60 to
100 feet high. Several fire departments assisted Willoughby in battling the blaze. They
used more than 20,000 gallons of water and foam to get the fire under control. “There
were multiple explosions, and we had to ensure that the power was cut, because we’re
dealing with anything between 33,000 volts and 132,000 volts, I do not know the exact
figure,” said Willoughby’s fire chief. Officials do not know why the transformer
exploded. No one was hurt in the blaze.
Source: http://www.newsnet5.com/news/20283729/detail.html
3. August 4, Texarkana Gazette – (Texas) Halliburton warehouse burns. A blanket of
thick, black smoke covered portions of Liberty-Eylau after a fire broke out at a
Halliburton operations branch the afternoon of August 3. Shortly after noon, the
Liberty-Eylau Volunteer Fire Department received a call of fire inside a warehouse at
Halliburton. When they arrived, they found the warehouse was engulfed in flames, said
the fire chief. Inside the building were bags of drilling mud, which the Texarkana
station grinds up for oil drilling. Other chemicals were present as well. A second
building was threatened but received only smoke damage. Numerous hazardous and
toxic chemicals were stored in the two buildings. Officials are unsure what started the
fire. No injuries among employees, firefighters, or residents were reported.
-2-
Source: http://www.texarkanagazette.com/news/localnews/2009/08/04/halliburtonwarehouse-burns-77.php
For another story, see item 4
[Return to top]
Chemical Industry Sector
4. August 5, Morris News Service – (Georgia) 1 sent to hospital after Savannah
chemical spill. An unidentified person was taken to the hospital after a truck caught
fire and caused a large vapor cloud at the Pilot Gas Station in Port Wentworth. The
incident, which is still under investigation, occurred around 2 a.m. on August 5. Port
Wentworth firefighters responded to the intersection of Hwy. 21 and I-95 at 2:02 a.m.
With the help of Savannah Fire and Hazmat crew members the chemical spill was
contained, said the Port Wentworth fire caption. A private company will continue the
clean up, he said. Some area businesses including the Waffle House and nearby hotels
were evacuated, said the Metro police spokesman. Savannah-Chatham metro police did
not respond to the scene.
Source: http://chronicle.augusta.com/stories/latest/lat_700776.shtml?v=0901
[Return to top]
Nuclear Reactors, Materials and Waste Sector
5. August 5, U.S. Nuclear Regulatory Commission – (National) NRC proposes stronger
oversight of radioactive materials. The Nuclear Regulatory Commission is proposing
to strengthen oversight of radioactive materials by limiting the amount of radioactive
material allowed in generally licensed devices. “I believe this proposed rule is a
positive step forward in increasing the accountability of these materials,” the NRC
Chairman said. “I look forward to receiving input from the public on the agency’s
proposal.” The proposed rule would require owners of approximately 1,800 devices, an
estimated 1,400 general licensees nationwide, to apply for specific licenses for the
devices. This change applies primarily to fixed industrial gauges. Requiring specific
licenses for such devices would improve the safety, security and control over the
gauges by bringing them under increased regulation, making it harder to accumulate a
risk-significant amount of radioactive material or to procure a device through
subterfuge.
Source: http://www.nrc.gov/reading-rm/doc-collections/news/2009/09-131.html
6. August 5, U.S. Nuclear Regulatory Commission – (Florida) NRC to discuss results of
license renewal inspection for Crystal River nuclear power plant. The U.S. Nuclear
Regulatory Commission staff has scheduled a meeting to discuss the results of an
inspection related to a request to extend the operating license for the Crystal River
nuclear power plant on Friday, August 14. Progress Energy, which owns and operates
the plant on the west coast of Florida, near Crystal River, has applied for a 20-year
-3-
license extension for the one-unit site. The inspection is part of an ongoing review of
that application. The meeting is scheduled for 9 a.m. in Room 150 of the Crystal River
nuclear plant training center, located at 8200 West Venable St. in Crystal River. After a
discussion of the inspection results, NRC staff will be available to answer questions
from the public about the review. Under NRC regulations, the original operating
license for a nuclear power plant is issued for 40 years. Companies may apply to renew
those licenses for an additional 20 years if agency requirements are met. Progress
Energy applied to the NRC on Dec. 18, 2008, to renew the license for the Crystal River
reactor. If approved, the expiration date for Crystal River would be extended to
December 3, 2036.
Source: http://www.nrc.gov/reading-rm/doc-collections/news/2009/09-044.ii.html
[Return to top]
Critical Manufacturing Sector
7. August 5, U.S. Consumer Product Safety Commission – (National) Wagner Spray
Tech and Techtronic Industries agree to pay $800,000 civil penalty for delay in
reporting overheating battery chargers. The U.S. Consumer Product Safety
Commission (CPSC) announced today that Wagner Spray Tech Corp., of Plymouth,
Minnesota and Techtronic Industries Co. LTD, of Hong Kong, including its whollyowned subsidiary Techtronic Industries North America Inc., of Anderson, South
Carolina, have agreed to pay an $800,000 civil penalty. The penalty settles a federal
lawsuit filed in the U.S. District Court for the District of Minnesota alleging that
Wagner and Techtronic failed to timely report to CPSC as required by federal law the
overheating of certain defective cordless power drill battery chargers. These chargers
were distributed under the Wagner brand name and manufactured by Techtronic. The
products were reportedly involved in several incidents that resulted in property damage.
The lawsuit alleged that Wagner and Techtronic learned about charger overheating
incidents starting in 1999 and 2000, respectively, but failed to immediately report this
information to CPSC, as required by law. In March 2004, 180,000 of these battery
chargers were voluntarily recalled by Wagner. The civil penalty action demonstrates
that the government may seek civil penalties against all responsible parties, including
foreign entities, as well as U.S. firms, where appropriate. Under the Consumer Product
Safety Act, manufacturers, distributors and retailers are required to report to CPSC
immediately after obtaining information reasonably supporting the conclusion that a
product contains a defect which could create a substantial product hazard, presents an
unreasonable risk of serious injury or death, or fails to comply with any consumer
product safety rule or any other rule, regulation or standard, or ban enforced by CPSC.
In resolving the lawsuit, Wagner and Techtronic denied the allegations that they
violated federal law or failed to immediately report to the government. The Office of
Consumer Litigation of the U.S. Department of Justice brought this case before the
U.S. District Court for the District of Minnesota on behalf of CPSC.
Source: http://www.cpsc.gov/cpscpub/prerel/prhtml09/09298.html
[Return to top]
-4-
Defense Industrial Base Sector
8. August 6, Aviation Week – (National) Classified tests show growler ready for
ops. The EA-18G Growler is now on the road to a full-rate production decision and it
could benefit from an expected Quadrennial Defense Review determination that U.S.
expeditionary forces need another 26-30 airborne electronic attack (AEA) aircraft.
Successful completion of operational testing for the U.S. Navy’s digital electronic
attack aircraft might trigger the production of more Growler/Grizzly electronic attack
aircraft. Senior Pentagon officials have discussed the expeditionary operational
shortfall openly in congressional hearings. Officials are loath to discuss what
specifically the need for airborne electronic attack (AEA) is in a battlefield arena that
has virtually no enemy radar presence. But the aircraft’s digital communications
emitter geo-location and identification capability is at the top of the list. It allows
tracking of enemy command and control, network mapping and signals intercept. It
also can be an important factor in combating improvised explosive devices. Production
pressure on the Boeing F/A-18E/F and EA-18G production line would likely be driven
by the expeditionary requirement, agrees Boeing’s EA-18G program manager. So far
12 aircraft have been delivered to the Navy, and two more will follow in September
and October as part of the current 34 aircraft contract, with each costing about $55
million, he said in an interview August 3. The Navy’s operational validation of the
Growler opens the door to a full-rate production decision in the fall for another 54
aircraft. The Navy’s current program is set at 88 total aircraft. After years of criticism
for being — potentially — too concurrent, not evolutionary enough and increasingly
expensive, the EA-18G shrugged off its critics by being declared operationally
effective and suitable in late July with a recommendation for introduction into the fleet.
The determination was made by the Navy’s commander of operational test and
evaluation forces. It means, roughly, that the Growler is deemed capable of performing
its operational mission of electronic attack. Suitability refers to the adequacy of
maintenance, reliability and support. The Growler has been designed to bridge the gap
between the new, digital ICAP III electronic attack system which has just been
introduced into the Grizzly and the EA-6B that the EA-18G will replace in Navy
squadrons. It will later be modified with the Next Generation Jammer program, which
is to make a quantum leap into the world of advanced electronic attack, cyber warfare
and network exploitation. As proof of the system’s flexibility, Navy officials point to
software problems found and fixed during the test program by developing a software
update that will go into the aircraft in the next software release later this year.
Source:
http://www.aviationweek.com/aw/generic/story.jsp?id=news/EA18080609.xml&headli
ne=Classified Tests Show Growler Ready for Ops&channel=defense
9. August 5, Aviation Week – (National) Hypersonic test flight on track. First flight of
the X-51A scramjet demonstrator is now on track for early December while captive
carriage tests on the NASA-operated B-52H mothership at Edwards Air Force Base,
California, are set to begin in October. A joint effort by the U.S. Air Force, Defense
Advanced Research Projects Agency (DARPA), Pratt&Whitney Rocketdyne, and
Boeing, the hypersonic vehicle is designed to be the first air-breathing craft to
-5-
demonstrate sustained speeds in excess of Mach 4 using a “logistically friendly”
hydrocarbon fuel. The initial vehicle is the first of four X-51As to be launched by April
2010. First flight, targeted for December 2008 under the original schedule before
budget cuts in 2005, was later reset for early in the fourth quarter of 2009. But
integration issues with the B-52H mothership, along with logistic delays, pushed the
first flight target toward late November. The target date has now been moved to
December 3 to take advantage of aircraft availability and avoid crewing complications
around the late November holiday period in the U.S., program officials say. The Air
Force Research Laboratory X-51A Program Manager says if more X-51 flights are
funded beyond the current sustained hypersonic demonstrations, future potential goals
could include longer-duration flights and slower scramjet-cycle initiation speeds. “The
lower it can go, the lower the stress on a turbine,” he adds, referring to potential
combined cycle-weapon developments. The static test vehicle has completed initial
“risk-abatement” ground tests at Edwards and is now being moved back to Boeing’s
Palmdale, California, facility for refurbishment and installation of a thermal protection
system. Once completed, the revamped vehicle will become FTV-4, the final X-51A to
be launched next year.
Source:
http://www.aviationweek.com/aw/generic/story.jsp?id=news/Hyper080509.xml&headli
ne=Hypersonic Test Flight On Track&channel=space
10. August 4, Knoxville News Sentinel – (Tennessee) Two suspended guards return to Y12; one resigns. Two of the three guards suspended in July for bringing electronic
games into the inner sanctum of the Y-12 nuclear weapons plant reportedly returned to
work this week. The third guard resigned rather than be fired, according to Wackenhut
Services, the government’s security contractor in Oak Ridge. “Upon conclusion of the
investigation into the incidents involving prohibited items found in controlled areas,
appropriate discipline was administered,” a Wackenhut spokeswoman said. “Two SPOs
(security police officers) were given time off and one was allowed to resign in lieu of
termination.” The three security officers allegedly were in possession of electronic
game devices, which are strictly forbidden in the so-called “protected area” of the plant
where nuclear warhead parts are manufactured, inspected and disassembled. One of the
games was reportedly a PSP (PlayStation Portable) device that has transmitting
capabilities -- a particular concern in the high-security zone where classified weapons
work takes place. The PSP was reportedly linked to the guard who resigned. The other
electronic games were non-transmitting, but still a reported violation of policy at the
federal installation.
Source:
http://blogs.knoxnews.com/munger/2009/08/two_suspended_guards_return_to.html
[Return to top]
Banking and Finance Sector
11. August 6, Forum of Fargo-Moorhead – (North Dakota) Structural issues force closing
of downtown Fargo parking ramp. The US Bank parking ramp in downtown Fargo
-6-
was ordered closed on August 5 after city officials were told it was no longer
structurally sound and could potentially collapse. The director of planning said the city
was notified in an e-mail from a structural engineer on August 5 that an inspection
found the core of the ramp had deteriorated to a dangerous level. “We’ve been
concerned about the structure for some time,” the director of planning said, adding that
the condition of the city-owned ramp at the corner of Third Avenue and Fifth Street
North is “significantly worse than last year.” The structural engineer was quoted in a
Planning Department news release on the closure: “The center core ramp has
deteriorated to what I feel is a dangerous level. I am also concerned with this core
structure and its connection to the rest of the ramp. These connections are in an
extremely serious condition. There is a potential that if the core collapsed, it could
bring some of the ramp with,” the structural engineer wrote. The director of planning
said a bank drive-through area on the first level of the ramp will remain open. He said
alternatives that will be explored are offering spaces in the underground Ground
Transportation Center ramp or in other city-owned lots.
Source: http://www.inforum.com/event/article/id/248941/
12. August 5, Cliffview Pilot – (New Jersey; New York) FBI smashes $10M foreclosure
scam. Two men scammed homeowners in Bergenfield, Paterson and elsewhere out of
their homes, then pocketed about $1.5 million for themselves, the FBI said.
Homeowners facing foreclosure in Bergenfield, Paterson and elsewhere were
approached by the pair, who offered a way to keep their houses -- and even restore their
credit, the bureau said. The completed their scheme by conning buyers with good credit
into applying for mortgages on the homes in exchange for a fee. After the lenders wrote
the business, the crooks paid the necessary fees at closing -- and walked off with about
$1.5 million, the FBI said, in a criminal complaint on file in U.S. District Court in
Newark. Operating in New Jersey and New York the pair wrote up more than $10
million in worthless loans from the lenders while pocketing 15 percent from five
properties, the FBI Special Agent-in-charge said. Agents arrested both at their
Brooklyn home this morning on federal charges of attempting and conspiring to
commit wire fraud. They are being held pending court appearances this afternoon and
will be prosecuted by the assistant U.S. attorney in Newark. Calling themselves “Home
Savers Consulting Corporation,” the pair scammed three different sets of victims, the
assistant attorney said. First were the homeowners, all of whom had substantial equity
in their homes but were facing foreclosure because of an inability to make the monthly
payments. Also victimized were the straw purchasers, whom the pair recruited by
saying they were helping the true owners “save” their homes, according to the criminal
complaint.
Source: http://www.cliffviewpilot.com/beyond/292-fbi-nets-two-in-10-millionforeclosure-scheme13. August 5, Bloomberg – (National) Bair says regulators should set banker pay
standards. The Federal Deposit Insurance Corp. chairman, weighing in on the debate
over executive pay, said regulators should set standards for U.S. banks to ensure
incentives to encourage long-term performance. Banking agencies should become more
active in setting compensation standards that are “principles-based” without setting
-7-
specific amounts for pay, the chairman said today in an interview with Bloomberg
Television in Washington. “We do need to revamp the system to make sure that the
incentives are long-term,” the chairman said. “I do wish some of these firms would
exercise better restraint and common sense on what they’re paying their folks.” The
chairman joined the House Financial Services Committee Chairman and lawmakers
who say government needs to write pay rules that discourage excessive risk-taking.
Republicans in Congress oppose government setting pay, and last week lost an effort to
defeat a House bill to control incentive pay. Some Democratic senators are reluctant to
support pay limits. Goldman Sachs Group Inc. set aside a record $11.4 billion for
compensation for the first six months, up 33 percent from a year ago and enough to pay
each worker $386,429, the company said last month. The average ratio of
compensation to revenue at securities firms this decade is about 48 percent, Sanford C.
Bernstein&Co. said in a report. “I’m not sure I buy this that all these eye-popping
salaries are necessary to keep folks for competitive reasons,” the chairman said. “At
some point, it just becomes a little beyond the pale in terms of questioning what value
is added for those types of eye-popping salaries.”
Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=agRkbLlnrc6Q
[Return to top]
Transportation Sector
14. August 5, Land Line Magazine – (New Jersey) New Jersey bill seeks help of truckers
in reporting suspicious activity. Truck drivers are all too familiar with being the
targets of legislative action. But an effort on the move at the New Jersey statehouse
bucks that apparent trend. A bill awaiting a floor vote before the full Senate would
make an exception from the state’s cell phone law for truck drivers to assist in national
security efforts. Assembly lawmakers already approved a similar version. The use of
CBs and two-way radios would be exempt from the state’s ban on hand-held
communication devices while behind the wheel. They could be used by truck drivers to
assist law enforcement efforts and communicate vital information while on the job.
Operators of emergency vehicles also would be granted special privilege. “New Jersey
has invested significant training dollars in the private sector to educate the trucking
industry on how to be an additional set of eyes and ears on our roadways when it comes
to potential terrorist activity,” said a state senator in a written statement. “This is about
helping drivers remain vigilant and giving them the tools to assist in our law
enforcement efforts.” The bill – A3084 – is of particular interest to the Owner-Operator
Independent Drivers Association (OOIDA). “Using the eyes and ears of truckers is
critical. Truckers are skilled communicators when it comes to watch-dogging our
nation’s infrastructure,” said director of security operations for OOIDA. “That’s why
we are supporting this bill and asking our New Jersey truckers to call their lawmakers
and urge them to vote yes to A3084.”
Source: http://www.landlinemag.com/todays_news/Daily/2009/Aug09/080309/08050902.htm
-8-
15. August 5, Washington Business Journal – (District of Columbia) Metro to train more
security officers. The Washington Metro Transit Police Department will get $9.56
million in federal grants to better secure the transit system. The money comes from the
Transit Security Grant Program from the Department of Homeland Security. Metro said
it will use the grant to establish, equip, and train five, four-person anti-terrorism teams
whose activities focus on terrorism prevention. The police department also got $1.8
million in DHS Urban Area Security Initiative grants to mostly expand Metro’s
chemical detection program to two more stations and the rest will pay for upgrades to
improve radio communications in Metro tunnels in Prince George’s County. “The
funding will help us get more officers and resources on the street and in our stations to
better protect the Metro system, our riders and employees,” said the Metro Transit
police chief.
Source: http://www.bizjournals.com/washington/stories/2009/08/03/daily78.html
16. August 4, Transportation Security Administration – (Texas) TSA to begin testing
imaging technology at Houston airport. The Transportation Security Administration
(TSA) announced on August 4 that it will begin testing two types of advanced imaging
technology at George Bush Intercontinental Airport. Imaging technologies quickly and
unobtrusively screen passengers for metallic and nonmetallic threats without physical
contact. Millimeter wave and backscatter imaging technologies provide enhanced
detection capabilities and are 100 percent optional for all passengers. Both technologies
have privacy protections in place for the traveler. The security officer who assists the
passenger through the screening process never sees the image the technology produces.
The image is viewed by a remotely located security officer who never sees the traveler.
Further, these technologies cannot save, print, or transmit images. Once the image is
deleted it cannot be restored. At George Bush Intercontinental, TSA will assess the
operational efficiency and public acceptance of these technologies as the primary
screening technology in lieu of the traditional metal detector. It is anticipated the test
will last approximately 60 days.
Source: http://www.securityinfowatch.com/root+level/1312467
[Return to top]
Postal and Shipping Sector
Nothing to report
[Return to top]
Agriculture and Food Sector
17. August 6, U.S. Food Safety and Inspection Service – (National) California firm recalls
ground beef products due to possible Salmonella contamination. Beef Packers, Inc.,
a Fresno, California establishment, is recalling approximately 825,769 pounds of
ground beef products that may be linked to an outbreak of Salmonellosis, the U.S.
Department of Agriculture’s Food Safety and Inspection Service (FSIS) announced on
-9-
August 6. The ground beef products were produced on various dates ranging from June
5, 2009 through June 23, 2009 and bear the establishment number “EST. 31913”
printed on the case code labels. The ground beef products were distributed to retail
distribution centers in Arizona, California, Colorado, and Utah. Because these products
were repackaged into consumer-size packages and sold under different retail brand
names, consumers should check with their local retailer to determine whether they may
have purchased any of the products subject to recall.
Source:
http://www.fsis.usda.gov/News_&_Events/Recall_041_2009_Release/index.asp
18. August 5, KCBD 11 Lubbock – (Texas) Chemical spill forces building evacuation. A
chemical spill forced fire crews to evacuate a Lubbock, Texas business Wednesday
afternoon. First responders arrived at the USDA Research Lab on 4th Street around
noon, after a gallon container of ammonium hydroxide spilled. “It’s a solvent they use
to breakdown the soil samples. It’s highly corrosive. Fumes are dangerous if you inhale
them,” the Lubbock fire captain said. Hazmat crews kept about two dozen workers
outside the building until they cleared the area.
Source: http://www.newschannel10.com/Global/story.asp?S=10855973
19. August 5, Associated Press – (California) Pest found in package had citrus
disease. Tests on a bug found by a dog sniffing packages at a FedEx facility showed it
carried a disease capable of devastating California’s citrus industry, agricultural official
said Wednesday. But state officials believe the citrus industry escaped potential disaster
because the curry leaves carrying the bug were still inside the package at the Fresno
airport. On Wednesday, U.S. Department of Agriculture tests confirmed the live Asian
citrus psyllid nymph found in the leaves last month was infected with the
huanglongbing virus — the first such find west of the Rockies. “This is pretty scary,”
said a spokesman for the California Department of Food and Agriculture. “There is a
potential for a huge problem. Thank goodness for the Fresno dog team.” The executive
director of California Citrus Mutual said the close call showed the potential
vulnerability of the industry. The curry leaves had eluded inspectors in Los Angeles,
where the package initially arrived in the U.S.
Source:
http://www.google.com/hostednews/ap/article/ALeqM5iqr4ZZodXbcGAzuNcvZA1sN
RxFJAD99T3MHG1
20. August 5, Minnesota Public Radio – (Minnesota) Thousands of Minn. turkeys
quarantined. Several thousand turkeys at a large poultry producer in central
Minnesota’s Meeker County have been quarantined after routine testing discovered a
strain of avian flu. The state Board of Animal Health said the birds appear healthy and
show no signs of infection. Poultry workers are being monitored for signs of infection,
but there have been no reported illnesses. All turkey flocks within three miles will be
repeatedly tested for the virus for six weeks, along with any flocks linked to the farm.
Although the current case has caused no illness in Minnesota poultry, the virus, if left
unchecked, can change into a form that could be lethal to domestic poultry and
- 10 -
chickens. Minnesota is the nation’s top turkey producing state.
Source: http://minnesota.publicradio.org/display/web/2009/08/05/turkey-quarantine/
For more stories, see items 4 and 44
[Return to top]
Water Sector
21. August 5, Chicago Tribune – (Illinois) Illinois takes step to protect water
quality. Legislation that the Illinois governor signed into law on August 4 asks state
environmental officials to find ways to reduce trace elements of painkillers, bug spray,
sex hormones, and other man-made products that show up in water quality tests. The
Illinois Environmental Protection Agency is required to establish a program giving
people places to drop off unused medications, personal-care products, batteries, auto
fluid, mercury thermometers, and other general household waste rather than pouring it
into toilets or down the drain, said the sponsoring senator. Under the law state officials
also will be required to prepare information about proper disposal of unused drugs.
Water quality reports have shown small amounts of prescription drugs and unregulated
chemicals in Chicago tap water.
Source: http://www.chicagotribune.com/news/local/chi-quinn-legis05aug05,0,6712373.story
22. August 5, Davidson County Dispatch – (North Carolina) Thomasville reports
untreated wastewater spill. The City of Thomasville, North Carolina had a
wastewater spill of an estimated 385,805 gallons August 3 and 4. The spill of untreated
wastewater came from the North Hamby Creek Outfall Line near Baptist Children’s
Home Road and spilled into North Hamby Creek in the Yadkin/Pee Dee River Basin.
The Division of Water Quality was notified of the spill on August 4 and is reviewing
it.
Source: http://www.thedispatch.com/article/20090805/ARTICLES/908059994/1005?Title=Thomasvillereports-untreated-wastewater-spill
23. August 5, Greene County Daily World – (Indiana) Bloomfield’s waste water
treatment plant needs help. The town of Bloomfield, Indiana is in the early stages of
applying for a grant that would fund waste water system improvements. The town’s
waste water treatment plant — which was built in the 1960s — is in need of many
updates due in part to its failing sewer lines. The first public hearing on the grant was
held during the town council’s August monthly meeting. A spokesperson for Southern
Indiana Development Commission provided the details during the hearing on the
$600,000 grant. Estimated cost of the improvement project is $667,000. A town match
totaling $67,000 would be required if the grant is awarded, she said. The grant
application proposal is due August 14 and the grant application is due October 2.
Several studies on the town’s system have been conducted in the past. In 2006, a
representative of Midwest Engineering suggested rehabilitating manholes in order to
- 11 -
cut inflow and infiltration of storm water into the waste water treatment plant. He also
suggested replacing two lift stations among other repairs. In 2007, he reported that the
town’s system was working at a 115 percent capacity — well over the 80 to 85 percent
mark that it should be at. In April 2008 a section of Mill Street collapsed after a main
sewer line burst. In December 2008, he updated the town council on a proposed sewer
project — which would rehabilitate the system and come with a price tag of between
$2.2 million and $2.3 million.
Source: http://gcdailyworld.com/story/1560020.html
24. August 4, Natchez Democrat – (Louisiana) Ferriday approves ‘emergency’ for water
tank. A resolution passed Monday by the Ferriday, Louisiana Town Council will
quicken the pace at which the town can address its water woes. The Ferriday mayor
said Monday’s declaration of public emergency will allow the town to eliminate the
need to accept bids for 30 days for the installation of a new water tank. With $250,000
recently awarded to the town through the Community Water Enrichment Fund,
$200,000 of the town’s own money coupled with Monday’s declaration could have the
new water tank installed before the end of the year, he said. And the installation of the
new tank is the first step in having the town removed from a mandatory boil-water
issued May 12. Town residents still have concerns about the quality of the water. One
woman at Monday’s meeting, who said her grandchildren were getting rashes as a
result of using the town’s water, said she and her family have resorted to rainwater
they’re now collecting in barrels for their baths. And still other residents questioned the
quality of water their children would have to drink at the start of the new school year.
The mayor said the National Guard will provide bottled drinking water for students.
Source: http://www.natchezdemocrat.com/news/2009/aug/04/ferriday-approvesemergency-water-tank/
[Return to top]
Public Health and Healthcare Sector
25. August 5, Bloomberg – (International) Plague-spreading fleas gain ground, may spur
cases. Plague-spreading fleas are expanding their territory, putting more people at risk
of catching the lethal illness, a World Health Organization official said. Three people in
China were reported the past week to have died from pneumonic plague, the
pneumonia-causing form of the bacterial disease. Centuries after bubonic plague, the
most common form, killed millions in medieval Europe, the scourge remains
entrenched in parts of Africa, Asia and the Americas. Areas where it circulates among
rodents and the fleas that feed on them are widening, and increased human activity in
central Asia and other affected areas is heightening the risk of human infection, said a
WHO doctor who has investigated outbreaks for eight years. “It means that we can
expect more sporadic human cases in the future,” he said Wednesday in a telephone
interview from Geneva, where his agency is based. Vaccines to protect people against
plague pneumonia are being developed, with newer formulations being tested for safety
and effectiveness.
Source: http://www.bloomberg.com/apps/news?pid=20601124&sid=aPOXqMh_fzr4
- 12 -
26. August 5, Bay City News Service – (California) California nurses say swine flu
training, protections inadequate. More than 100 nurses gathered on the steps of the
University of California at San Francisco (UCSF) Medical Center Wednesday to
protest what they say are unsafe practices in the handling of swine flu patients. The
nurses said they are concerned about being improperly exposed to the H1N1 virus,
which jeopardizes their own safety and the safety of the public. The California Nurses
Association organized the protest, and members want the language in their contracts to
be changed to codify stricter safety standards. Protesters wore surgical masks and
carried signs that read, “Nurses and patients demand swine flu protection.” A nurse in
Sacramento died July 17 after she was exposed to swine flu, according to the CNA.
They also said that two weeks ago, another nurse at UCSF was allegedly fired for
speaking out against the hospital’s handling of swine flu exposure.
Source: http://www.mercurynews.com/breakingnews/ci_13001847?nclick_check=1
[Return to top]
Government Facilities Sector
27. August 6, Honolulu Advertiser – (Hawaii) Army may clear bombs. A Pentagon
official told a joint Wai’anae Coast and Nanakuli/Ma’ili Neighborhood Board meeting
on August 5 that the Army is moving toward the removal of munitions dumped in the
ocean after World War II at a site off Wai’anae known as Ordnance Reef. An assistant
for munitions and chemical matters with the Army told the approximately 60 people
attending the meeting that the military is now ready to test equipment that would
remotely remove some 2,000 explosive devices from the ocean floor at a depth of 130
feet and then detonate them on a barge on the water. Development of the remotely
operated devices could begin as soon as September, using modified equipment used in
oil exploration, the official said. That process should take about a year, after which the
recovery process could actually begin. The coordinating council includes
representatives of community groups as well as numerous federal and state agencies,
including the National Oceanic and Atmospheric Administration, the Army Corps of
Engineers, the state Department of Health and the University of Hawai’i. Last month
NOAA scientists began a year-long study of ocean current patterns around Ordnance
Reef. That study, which involves placing four monitoring sensors off the coast, is
expected to help officials decide whether munitions should be removed from the area.
A similar sensor will also be placed at another disposal site 32 miles offshore. The
federal Department of Defense is still considering whether to recover what a 2007
NOAA report described as more than 2,000 tons of chemical agents, including cyanide,
lewisite, mustard and cyanogens chloride at deeper ocean levels.
Source:
http://www.honoluluadvertiser.com/article/20090806/NEWS11/908060327/Army+may
+clear+bombs
28. August 6, Diamondback – (Maryland) McKeldin evacuated in bomb
scare. University of Maryland police evacuated McKeldin Library and roped off a
large section of McKeldin Mall August 5 after a suspicious package, which was later
- 13 -
found to be harmless, was spotted outside of the building. The evacuation and
subsequent emergency procedures left some students wondering why no text alert was
issued to the university community. The spokesman said once police cleared the
building and laid a perimeter around it, the potential threat to the community was no
longer imminent - police were firmly in control of the situation. “Our officers were
keeping everyone out, and we had the building surrounded,” he said. “There was no
present danger. If anyone had been at risk, we would have sent out a text alert to let
people know.” The Prince George’s County Fire Department’s bomb squad was called
in to investigate the package. The squad used a bomb disposal robot to inspect the
object, and later sent in a bomb technician dressed in a protective suit. The spokesman
said the package itself consisted of a weighted box - about the same dimensions of a
shoebox - wrapped in silver duct tape. A footlong section of PVC pipe was bound to
the box with twine, and a Prince George’s County fire department spokesman said it
resembled “an explosive device.”
Source:
http://media.www.diamondbackonline.com/media/storage/paper873/news/2009/08/06/
News/Mckeldin.Evacuated.In.Bomb.Scare-3754018.shtml
29. August 6, St. Petersburg Times – (Florida) Evacuation at Hillsborough County
courthouse caused by gun-like lighter. Law enforcement forced 3,200 people to
evacuate Hillsborough County’s George E. Edgecomb Courthouse Wednesday after a
security worker discovered that someone had slipped through an X-ray scanning
machine with what appeared to be a semiautomatic pistol stuffed in a bag. After a fullday investigation, sheriff’s detectives discovered the supposed weapon was a lighter.
But it is still unclear how a Tampa woman was able to walk through security, grab her
bag from the conveyor belt and move into the building before a security worker
viewing the X-ray monitors recognized a picture of a gun and notified others. The
Sheriff’s Office has 130 bailiffs assigned to the county courthouse, but their primary
charge is to secure courtrooms. Hillsborough County government supplies unsworn
security workers to operate the front-door screenings. The noontime evacuation lasted
an hour and 45 minutes.
Source: http://www.tampabay.com/news/publicsafety/article1025046.ece
30. August 6, Associated Press – (Utah) SRS to ship waste to facility in Utah. Nearly
15,000 drums of depleted uranium oxide will be shipped from South Carolina for
disposal in Utah under a contract awarded by the Department of Energy. The 14,800
drums of Savannah River Site waste will be disposed of at EnergySolutions Inc.’s
facility about 70 miles west of Salt Lake City. The shipments will take place over 14
months, although it was unclear Wednesday when they would start. The announcement,
made by the Energy Department in mid-July, comes as EnergySolutions fights an effort
to place a moratorium on the disposal of depleted uranium in Utah.
Source: http://chronicle.augusta.com/stories/2009/08/06/met_543453.shtml
31. August 5, Associated Press – (California) AF cites ‘human factors’ in F-22 crash. An
Air Force investigation has found that the fatal crash of an F-22 jet fighter in California
occurred after the pilot almost lost consciousness in a high-gravity maneuver. The Air
- 14 -
Force says the March 25 accident occurred as the Lockheed Martin test pilot was
performing tests under high gravitational forces 35 miles outside Edwards Air Force
Base. The investigation board determined that during the third test he appeared to have
been subjected to increased physiological stress and his lack of awareness delayed a
recovery maneuver. The pilot attempted a recovery, then determined he had inadequate
altitude and ejected. But the report says he suffered fatal blunt force trauma due to the
aircraft’s speed and windblast.
Source: http://www.military.com/news/article/August-2009/af-cites-human-factors-inf22-crash.html?ESRC=topstories.RSS
32. August 5, Associated Press – (Ohio) City offices in southwest Ohio evacuated after
pipe bomb found in teen’s backpack. Police in a southwest Ohio closed a city office
Wednesday after police found a pipe bomb in a teen’s backpack. Police in Springboro
brought two 16-year-old boys into the police station for questioning early Wednesday
morning and found the device. They quickly took the pipe bomb outside and called the
bomb squad. The discovery forced the evacuation of Springboro city offices and the
cancellation of the Springboro Mayor’s Court.
Source: http://www.fox8.com/news/sns-ap-oh--cityofficeevacuated,0,815404.story
[Return to top]
Emergency Services Sector
33. August 6, Sun-Times News Group Wire – (Illinois) 11 hurt in fight, stabbing at Cook
County Jail. Eleven inmates were hospitalized Thursday morning after a fight and
stabbing at the maximum security division of the Cook County Jail on the Southwest
Side. Paramedics initiated an EMS Plan 1 response, which automatically sends five
ambulances to the scene, for multiple stabbing victims at the Cook County Jail,
according to the Fire Media Affairs chief. Six people were hospitalized in serious to
critical condition. A Cook County Sheriff’s office spokeswoman was able to confirm
four stabbing victims at 6 a.m.
Source: http://www.suntimes.com/news/metro/1703892,w-cook-county-jail-stabbing080609.article
34. August 5, WTVR 6 Richmond – (Virginia) Why is the Richmond police department
shutting down its gun range? A gun range in Ruther Glen, Viriginia used to train
Richmond police officers is off limits. For 40 years, Richmond police officers have
been training and preparing for dangerous situations at the outdoor shooting range
that’s 30 miles north of Richmond. The department recently shut down the facility after
two officers who were taking part in a training exercise were injured when bullet
fragments ricocheted off a pole. One officer was hit in the neck. The other officer was
hit in the arm. Their injuries were not life-threatening. Police are replacing those metal
target holders. “Temporary measures, safety measures were put in place and approved
but the department decided to replace the metal target holders with wooden target
holders,” said a Richmond police spokesman. OSHA cited the department and there is
an ongoing investigation. The spokesman said the department they decided to close the
- 15 -
facility until those metal target holders can be replaced.
Source: http://www.wtvr.com/wtvr-richmond-outdoor-shooting-range,0,7824457.story
35. August 5, KSTP 5 Minneapolis – (Minnesota) Minnesota to go high tech with 911
system. Work will begin this fall on a major upgrade to Minnesota’s 911 emergency
call system. When it is finished, the state will have state-of-the-art technology that will
save time and save lives. One of the highlights of the new 911 system is the ability for
dispatch to receive text messages for help. By texting the digits 911, users can notify
officials of their location. Officials soon hope to include things like medical
information to be associated with a caller’s phone number. For example, if a caller
were hooked up to a heart-monitoring device at home, that information would travel
along with their 911 call or text.
Source: http://kstp.com/news/stories/S1069640.shtml?cat=206
36. August 5, Associated Press – (Iowa) Iowa 911 call center becomes first to accept
texts. An emergency call center in the basement of the county jail in Waterloo, Iowa,
became the first in the country to accept text messages sent to “911,” starting
Wednesday. Call centers around the country are looking at following in its footsteps. “I
think there’s a need to get out front and get this technology available,” Black Hawk
County’s police chief said. He said 911 texting should be of particular help to the
county’s deaf and hard-of-hearing residents, who have had to rely on more
cumbersome methods to reach 911. As a future upgrade, call centers may be able to
receive photos and video from cell phones, which could help emergency responders
prepare for an accident scene or identify a suspect. While most 911 call centers can
now get a rough location for callers, that is not yet possible with texts.
Source:
http://www.google.com/hostednews/ap/article/ALeqM5jQRysLdp0it9uIqDi_ytuMGxp
otAD99ST5RG1
For another story, see item 32
[Return to top]
Information Technology Sector
37. August 6, The Register – (International) Top vendors flunk Vista anti-virus
tests. Security vendors including CA and Symantec failed to secure Windows systems
without fault in recent independent tests. Twelve of the 35 anti-virus products put
through their paces by independent security certification body Virus Bulletin failed to
make the grade for one reason or another and therefore failed to achieve the VB100
certification standard. The main faults were either a failure to detect a threat known to
be in circulation (one particularly tricky polymorphic file infector caused the most grief
in this area) or creating a false alarm about a file known to be benign. Virus Bulletin’s
VB100 tests benchmarks the performance of a vendor submitted anti-virus product
against a set of malware from the WildList, a list of viruses known to be circulating. To
gain VB100 certification, a security product must correctly detect all of these malware
- 16 -
strains without blowing the whistle when scanning a batch of clean files. Vendors only
get one run at passing the tests, which are conducted free of charge to security software
manufacturers. Most, but not all, of the main vendors submits products for testing.
Trend Micro - which has expressed reservations about Virus Bulletin’s testing
methodology - is a notable dissident. The anti-malware test director at Virus Bulletin,
said its biggest problem in running its most recent tests were crashes and system
slowdowns. “Many of the products in this test did prove stable, speedy and well
behaved, but many others had issues far too serious to be classed as mere quirks and
oddities,” he said. “We experienced a large number of freezes, crashes and hangs, not
just of the product interfaces or of specific scans but in many cases seeing the whole
machine shutting down.” Virus Bulletin recently began assessing the reactive and
proactive detection abilities of anti-virus products alongside the long-established
VB100 tests. The new tests are a reflection that the malware landscape has changed
radically over recent years, with greater malware volumes and targeted attacks.
Source: http://www.theregister.co.uk/2009/08/06/vista_anti_virus_tests/
38. August 5, New Scientist – (International) Virtual computer army takes on the
botnets. More than 1 million virtual computers are set to provide insight into how
networks of infected computers called botnets wreak havoc on the internet, as the
Conficker worm did recently. Two researchers of Sandia National Laboratories in
Livermore, California, crammed 250 independent linux “kernels” - the core system of a
computer - onto each of 4400 networked Thunderbird machines, creating a total of over
1.1 million individual virtual computers. While this network cannot mimic the
internet’s estimated 600 million computers, the duo hope to use it to study how a small
number of machines can attack and bring down larger networks. They can also study,
for example, why some botnets prefer to be small and others large.
Source: http://www.newscientist.com/article/mg20327206.100-virtual-computer-armytakes-on-the-botnets.html
39. August 5, Computerworld – (International) Apple patches 18 Mac vulnerabilities,
ships OS X 10.5.8. Apple on August 5 patched 18 vulnerabilities in Mac OS X,
including half a dozen that could let hackers hijack machines by duping users into
viewing malicious image files on the Web. Security Update 2009-003, which was
distributed along with Mac OS X 10.5.8 for Leopard users and delivered separately to
Tiger users, plugged holes in components ranging from ColorSync and Dock to the
kernel and MobileMe, Apple’s for-pay sync and storage service. But it was the six
vulnerabilities in various image file formats that caught the eye of the director of
security operations at nCircle Network Security. “The PNG [Portable Network
Graphics] bug is the most interesting,” said the director of the half-dozen image file
flaws. “It’s a pervasive format that’s frequently on Web sites,” he added, noting that
attackers could trigger the bug simply by getting users to visit malicious sites, a
common tactic in the Windows hacker world. “It’s easy enough to host one of these
malicious files on [a hacker’s] Web site,” the director added. Apple patched four flaws
in the ImageIO component of the Mac’s operating system related to its handling of
OpenEXR images, a format developed by Lucasfilm’s Industrial Light and Magic
visual effects studio in 1999 and released to open-source four years later. The sixth
- 17 -
image vulnerability, also in ImageIO, could be exploited by malformed Canon RAW
photographic files. The August 5 security release was Apple’s smallest this year by
vulnerability count. In May, for example, the California-based computer company
quashed 67 bugs, while February’s security update patched 55. Two of the bugs Apple
called out in its advisory affect Safari, but the flaws are not actually found in the
browser. And with the exception of one vulnerability in the “bzip2” open-source datacompressor, all of today’s bugs were within Apple’s own code. The director also called
attention to the MobileMe vulnerability, which, although not serious, could be used by
unscrupulous friends or co-workers to access someone’s account. “A logic issue exists
in the MobileMe preference pane,” Apple said in the advisory. “Signing out of the
preference pane does not delete all credentials. A person with access to the local user
account may continue to access any other system associated with the MobileMe
account which had previously been signed in for that local account.” More than half of
the vulnerabilities -- 10 of the 18 -- were labeled with Apple’s “arbitrary code
execution” phrase, meaning the flaws are critical and could be exploited to compromise
a Mac. Unlike other vendors, such as Microsoft and Oracle, Apple does not assign a
threat ranking to the bugs it discloses.
Source:
http://www.computerworld.com/s/article/9136311/Apple_patches_18_Mac_vulnerabili
ties_ships_OS_X_10.5.8
40. August 5, ChannelWeb – (International) Apple keyboard firmware vulnerability
detected by BlackHat researcher. On top of patching the iPhone SMS flaw, Apple
has to deal with a keyboard firmware vulnerability that allows hackers to silently log
keystrokes to steal passwords and other identifying information. During the BlackHat
conference in Las Vegas, one hacker demonstrated that Apple keyboards contain a flaw
that enables cybercrooks to launch key-logging software designed to record keystrokes.
Any personal information entered by the users, such as passwords and credit card
numbers, can then be swiped by the attackers. The vulnerability, which stems from a
poorly designed firmware upgrade in the keyboard USB buses, enables a rootkit to
flourish with a clean reinstallation of the host operating system. Apple’s keyboards
contain enough RAM and flash memory -- albeit a small amount -- for hackers to inject
key-logging software. Once injected in the Apple keyboard firmware, the key-logging
software is almost undetectable by the malware-detection system. The attack is further
enabled by the fact that the keyboard firmware updater is unencrypted and doesn’t
require validation. The security researcher who first detected the Apple firmware
vulnerability said that many modern firmware upgrade devices embedded in the
keyboards contain cheap microcontrollers that make it difficult to verify cryptographic
signatures. During the BlackHat conference, the researcher demonstrated how the
exploit could be used to obtain passwords, login credentials and other information
typed into the system by the user.
Source:
http://www.crn.com/security/219100131;jsessionid=2KG2XIAH5AIQ1QE1GHOSKH
WATMY32JVN
- 18 -
41. August 5, Washington Post – (International) Researchers: XML security flaws are
pervasive. Security researchers on August 5 unveiled details about a little-known but
ubiquitous class of vulnerabilities that may reside in a range of Internet components,
from Web applications to mobile and cloud computing platforms to documents, images
and instant messaging products. At issue are problems with the way many hardware
and software makers handle data from an open standard called XML. Short for
“eXtensible Markup Language,” XML has been used for many years as a fast and
efficient way to transport, store and structure information across a wide range of often
disparate applications. Researchers at Codenomicon Ltd., a security testing company
out of Oulu, Finland, say they found multiple critical flaws in XML “libraries,” chunks
of code that are typically used and re-used in software applications to process XML
data. Codenomicon is a spinoff from the University of Oulu, and is run by many of the
same individuals who in 2001-2002 found and reported a widespread vulnerability in a
remote Internet management protocol called ASN.1. That research kicked off months
of studying and patching by the U.S. government and private sector, which found the
ASN.1 flaws extended to some of the nation’s most critical electronic infrastructures,
including the telephone network, the power grid, and air traffic control systems. A
Codenomicon board member who served as cyber security adviser to a former U.S.
President during the ASN.1 episode, said these XML flaws are nearly as widespread.
The adviser said the result of a successful attack against a vulnerable XML library
could range from allowing the remote installation of malicious software to simply
sending the application into an infinite loop, rendering it temporarily inaccessible.
“XML is being used in so many different things we’re doing on the Web today,” the
adviser said. “So it’s a big deal when something goes wrong with something that’s
Internet-facing that so many people depend upon.” XML is used in a variety of
document formats (docx, openoffice, playlists, configuration files and RSS feeds, to
name a few). As a result, there are numerous vectors for attacking XML flaws
remotely, such as sending malicious documents or network requests, said an
information security adviser for CERT-FI, the Finnish Computer Emergency Response
Team. The security advirer for CERT-FI said three major software makers — including
Sun Microsystems, Apache Software Foundation and Python Software Foundation —
are expected to release updates on August 5 to address the XML flaws (Sun’s Java
Update — Java 6 Update 15 — is already out, and mentions at least two XML flaws).
Source:
http://voices.washingtonpost.com/securityfix/2009/08/researchers_xml_security_flaw.h
tml
42. August 5, The Register – (International) Microsoft gets personal on Windows
7. Microsoft has gotten personal in responding to reports of a “show stopper” bug in
Windows 7 capable of delaying the planned roll-out, which starts on August 6. The
company has blamed a chip-set controller issue rather than a critical bug in the
Windows 7 chkdsk /r tool that could cause a memory leak capable of causing a user’s
PC to seize up and crash. Windows 7 customers have been advised to update their
chipset drivers to the current driver supplied by their motherboard manufacturer. That
came after the president of Microsoft’s Windows division took on those who had used
blogs and online forums to jump on Windows 7 and the Microsoft development and
- 19 -
testing process. The president said Microsoft had not reproduced the crash or
experienced any crashes with chkdsk on the stack reported in “any measurable
number.” He appeared to take particular issue, however, with descriptions of a “critical
bug” and “showstopper” in Windows 7, of bugs being “out of place” and comments
Windows 7 would have to be delayed. The code is to be released to MSDN and
TechNet subscribers on August 6 and OEMs a few days later, with the official launch
planned for October 22.
Source: http://www.theregister.co.uk/2009/08/05/windows_7_show_stopper_bug/
Internet Alert Dashboard
To report cyber infrastructure incidents or to request information, please contact US-CERT at sos@us-cert.gov or
visit their Website: http://www.us-cert.gov.
Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and
Analysis Center) Website: https://www.it-isac.org/.
[Return to top]
Communications Sector
43. August 5, Inquirer – (International) Latvian botnet host canned. A Latvian hosting
company that was thought to have harbored the world’s biggest phishing botnet has
been forced to shut up shop by the Swedish telecoms outfit Telis Sonera. Real Host,
which owned the AS8206 Junik server based in Riga that spread the Zeus botnet, has
been linked to almost half of the world’s phishing attacks in which Russian gangsters
attempted to steal the identities and bank details of Internet users. The Russian
Business Network (RBN), which inhabited the same server, had been described as one
of the world’s most blatant cybercrime networks and was considered a bullet proof
hosting hub by digital criminals the world over. Under the counter goings on served at
Real Host connected sites included exploits for unpatched zero-day flaws, malware
payloads to drop on victims PCs (including fake codecs, banking trojans, spambots,
fake antivirus software and even a Mac trojan), phishing websites, money mule
(pyramid selling) recruitment sites, cracked software and illegal pornography. Real
Host has been compared to McColo and Atrivo, the two most notorious hosting
companies in the history of the Internet, and was described by one observer as “a
cesspool of criminal activity”. The Zeus trojan is estimated to have infected up to 3.6
million individual PCs and could be purchased from sites hosted on the Latvian server
for as little as $1,000.
Source: http://www.theinquirer.net/inquirer/news/1496304/latvian-botnet-host-canned
[Return to top]
Commercial Facilities Sector
- 20 -
44. August 6, WABC 7 New York – (New York) Building evacuated in Chinatown. As of
3:30 Wednesday, a restaurant is closed and so are 16 apartments on Hester Street in
Chinatown, New York City. The Buildings Department says tenants are at risk if they
stay in the unstable six-story building. Long-time residents slowly made their way out
of the apartment building and onto a bus waiting to take them to a Red Cross-sponsored
hotel. They will have just a few hours on Thursday to clear out their things. Some
tenants say their repeated complaints were ignored. What appears to have finally
doomed the building was construction of a high-rise hotel next door. Now more than
thirty people are homeless, left to find another place to live. The building will be
demolished within a month.
Source: http://abclocal.go.com/wabc/story?section=news/local&id=6950387
45. August 5, Star Community Newspapers – (Texas) 100 kids transported due to bomb
scare. A briefcase found lying in a playground at a recreation center in Plano, Texas
raised a cloud of suspicion for many teachers and staff Wednesday afternoon. About
100 kids were removed from the Douglass Recreation Center and transported to
another facility while Plano police investigated. The bomb squad was dispatched to the
scene at about 1 p.m. They deployed a bomb robot to retrieve the suspicious package.
Through an X-ray investigation, officers were able to determine that the briefcase was
empty and the area safe. “The package was out of place and left unattended,” said
Plano police spokesman. “A teacher thought it looked unusual.” The Douglass
Recreation coordinator said the children transferred to Liberty Recreation Center were
part of the Boys and Girls Club of Collin County.
Source: http://www.scntx.com/articles/2009/08/05/plano_star-courier/news/478.txt
46. August 5, WTTG 5 Washington, D.C. – (Maryland) Bug bombs cause apartment
explosion. The contents of a little can of fogger will kill bugs dead, and if used
improperly it can also cause large explosion. It happened Wednesday in a Hyattsville,
Maryland apartment after homeowners set off seven of the Bug Bombs in a small
apartment. Prince Georges County Fire officials say a Hyattsville woman was injured
by flying glass from the blast. Packages have clear warnings on them. In typical
apartments, no more than one should ever be used. In a large house, no more than two
should be used. In Wednesday’s incident, she was using seven of these bug bombs.
Another problem was that she did not turn off the ignition source. The homeowner did
leave the apartment, but by the time she got outside to the front entrance, the apartment
exploded.
Source:
http://www.myfoxdc.com/dpp/news/local/080509_bug_bombs_cause_apartment_explo
sion
47. August 5, WACH 57 Columbia – (South Carolina) Explosive device designed to
destroy found in W. Columbia. Investigators say a maintenance worker at the
Woodbine Apartments in West Columbia, South Carolina found a Rocket Propelled
Grenade, or RPG, in a vacant apartment on Tuesday. Authorities later determined the
RPG was inactive. The fire chief said the military had to be called in to help with the
- 21 -
investigation, so authorities could determine exactly where the device came from.
Source: http://www.midlandsconnect.com/news/news_story.aspx?id=333577
For another story, see item 4
[Return to top]
National Monuments and Icons Sector
48. August 5, Grand Junction Daily Sentinel – (Colorado) Vandals hit historic shelter at
monument. A Colorado National Monument superintendent said the parking lot and
most of a historic sandstone shelter at Devil’s Kitchen will open again today in the
wake of vandalism likely to top $15,000 in damage. The superintendent said a
maintenance worker who was opening an access gate around 6 a.m. Tuesday
discovered some 21 glass panes and a mirror shattered, many of them dating to the
sandstone shelter’s construction in 1941 by workers with the Civilian Conservation
Corps. Inside the building, they found roughly 40 rocks apparently thrown from the
outside. Glass shards littered the interior and exterior. Various janitorial equipment and
a fire extinguisher were removed from a closet. The extinguisher was emptied around
the property and on nearby picnic tables, while human excrement was left behind.
Several door handles and latches were broken off. The vandalism was believed to have
occurred late Monday night or early Tuesday.
Source:
http://www.gjsentinel.com/hp/content/news/stories/2009/08/05/080609_3a_monument
_vandals.html
49. August 4, Associated Press – (National) DNA-like technique may help nab fossil
thieves. Stolen dinosaur bones and other fossils snatched illegally from federally
owned land often disappear into living rooms, lucrative underground markets, or
expensive private collections. But a new forensic technique — something akin to DNA
fingerprinting — could give investigators a long-sought tool to track fossil thieves.
Researchers are testing methods designed to match chemical signatures of naturally
occurring elements that seep into bones during fossilization with surrounding soil. The
process — which analyzes a group known as rare earth elements — could someday
lead to a database of site “fingerprints” used to link bones to looted areas. More work is
needed, but early signs are encouraging that the technique could be useful in nabbing
those capitalizing on looted fossils, said a researcher at Temple University in
Philadelphia. Testing on the technique continues in Wyoming this summer. It has been
honed since 2005 at Nebraska National Forest, a hot spot for fossil thieves. So far,
results indicate the analysis could tie 85 percent to 98 percent of fossil samples back to
their original sites. The researchers are also speaking with officials at South Dakota’s
Badlands National Park about starting a database of the park’s most poached sites.
“People are making a living off of selling resources that belong to the American
public,” said a supervisor for the U.S. Bureau of Land Management’s paleontological
- 22 -
operations in Utah, Nevada, Oregon and Washington.
Source:
http://www.google.com/hostednews/ap/article/ALeqM5iH87zS6jNLdv2UccloPxwvo6q
FYQD99RI3GO0
[Return to top]
Dams Sector
50. August 6, WZZM 13 Grand Rapids – (Michigan) Oceana County lake being drained
to save dam. Some lake shore residents are losing their lakefront living at the rate of
6,000 gallons a minute. A large pump began draining Lake Holiday on August 1. The
Department of Environmental Quality (DEQ) says a dam that keeps the privatelyowned lake from draining into Upper Silver Lake near Mears is a hazard and it needs to
be fixed. For 24 hours a day, non-stop since August 2, authorities have pulled the plug
on Lake Holiday. The dam that holds back the 100-acre lake has a potential dangerous
problem. According to a DEQ inspector, a 6-foot pipe that runs under the dam has
developed multiple holes. Those holes are allowing water to wash away soil under the
dam, which puts the dam’s integrity into question. The dam is inspected about every
third year by the DEQ. Following the most recent inspection, the DEQ labeled the dam
a “high hazard area.” It gave the county drain commissioner just one option; to
immediately drain Lake Holiday. The lake will be taken down to a point low enough
for a thorough inspection. If the dam gave out, a surge of water could injure residents
or damage property on adjacent Upper Silver Lake. The county drain commissioner is
not providing any estimates on when, or if, the lake will be allowed to fill up.
Source: http://www.wzzm13.com/news/story.aspx?storyid=112173&catid=2
51. August 5, WWL 4 New Orleans – (Louisiana) Inspectors find problems with 17th
Street Canal pumps. Some of the pumps at the 17th Street Canal in New Orleans
have been pulled out of the site after inspectors discovered problems with six of the
hydraulic pumps there. “It’s taken the three years, that they’ve been in service, for this
problem to got bad enough to require this attention,” said the Army Corps of Engineers
17th Street Canal captain. A routine inspection uncovered major corrosion on six of the
pumps. Corps officials said a high salinity content in the water may be to blame. “The
17th Street Canal site is closer to the lake than the other sites, so it’s salinity in the
water, and combined we actually have a set of six pumps of all of our pumps, only six
of them are installed deeper than the others,” the captain said. Because the six pumps
are located underwater, the only way to fix them is to bring them onto dry land,
effectively taking them out of the pumping system. The Corps said, during repairs, they
are only removing two of the pumps at a time, in order to maintain a 95 percent
pumping capacity. So far, the corrosion problems have only been found at pumps at the
17th Street Canal. Two have already been fixed and put back into the system. Two are
currently being repaired and two more still need work. The Corps said it will take seven
weeks to finish the repairs.
Source: http://www.wwltv.com/topstories/stories/wwl080509cb17canal.b06b692b.html
- 23 -
[Return to top]
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily
Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Website:
http://www.dhs.gov/iaipdailyreport
Contact Information
Content and Suggestions:
Send mail to NICCReports@dhs.gov or contact the DHS Daily
Report Team at (202) 312-3421
Subscribe to the Distribution List:
Visit the DHS Daily Open Source Infrastructure Report and follow
instructions to Get e-mail updates when this information changes.
Removal from Distribution List:
Send mail to support@govdelivery.com.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at nicc@dhs.gov or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit
their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source
material.
- 24 -
Download