. January 28, Aviation Week – (International) ATC evacuation disrupts transatlantic flights. The Nav Canada air traffic control center that handles most transatlantic traffic was temporarily evacuated January 27, causing ground delays and re-routings. Controllers had to leave the Gander Area Control Center in Newfoundland, Canada, at about 9:15 a.m. due to smoke coming from an electrical panel in a power supply room. They returned about 40 minutes later, but it took longer to get systems up and running. While Gander was offline, controllers in the nearby Moncton center took responsibility for the Gander oceanic airspace. However, a ground delay was issued for flights headed east to Europe until about 3 p.m. About 20 U.S. transatlantic flights were affected by this delay, a Nav Canada spokeswoman said. Some flights did take off, but stayed further south in the FAA’s New York oceanic airspace. Westbound flights from Europe also were delayed on the ground due to the Gander evacuation, but numbers are not yet available.
Source: http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=comm&id=news/awx/2011/01/27/awx_01_27_2011_p0-285846.xml&headline=ATC Evacuation Disrupts Transatlantic Flights
. January 28, Bloomberg – (International) Japan evacuates homes, cancels flights as volcano spews ash mile into sky. Japan’s government issued alerts after a volcano on the southern island of Kyushu erupted for the first time in 52 years, causing the evacuation of homes and cancellation of more than 60 flights. Shinmoedake, in the Kirishima range, erupted January 27, spewing ash as high as 8,200 feet into the air, Japan’s Meteorological Agency said. A second eruption occurred January 28 at about 1 p.m. local time, national broadcaster NHK reported. Ash from the volcano reached Miyazaki city, 30 miles to the east, according to the broadcaster. Japan Airlines Corp. canceled 37 flights to or from nearby Miyazaki airport, according to its website January 28. Three additional flights will be scrapped January 29, it said. All Nippon Airways Co., Asia’s largest listed carrier, canceled 24 flights affecting 3,350 people, spokeswoman said by phone January 28.
. January 27, Washington Post – (Virginia) Va. transportation chief says state did its best to deal with snowstorm. Virginia Secretary of Transportation said January 27 that state officials responded as “best as we could under the circumstances’’ of the January 26 storm that dropped as much as 9 inches in parts of Northern Virginia. The secretary said transportation department workers were stymied by rain that washed away pre-treated salt from roads and an earlier-than-anticipated rush hour when the federal government let employees go 2 hours early. An enormous number of cars were abandoned on roads, which state police have been towing. As of early January 27, 500,000 customers had no power in Northern Virginia and 200 traffic signals were out. State officials did not consider declaring an emergency — which would allow the National Guard to be activated and supplies and equipment to be mobilized quicker — because that is only done for major natural disasters. About 4 inches fell in Arlington, 5 inches in Fairfax and Prince William, and 9 inches in Loudoun, according to state totals. More than 2,200 pieces of equipment were used to clear snow, as transportation department employees worked all night.
Source: http://voices.washingtonpost.com/virginiapolitics/2011/01/virginia_official_says_state_d.html For another story, see item 1
Emergency Services Sector
. January 27, Orlando Sentinel – (Florida) Terror-attack training: Old arena, 9 hospitals used for emergency exercise. In a mock terrorist attack, police officers carrying assault rifles descended on the old arena in Orlando, Florida, while rescue crews escorted schoolchildren covered in fake blood and bruises from the building January 27. The event was conducted by Orlando police, firefighters, and other law-enforcement agencies as a training exercise — the second of its kind after a 2009 downtown shooting rampage that left one man and left five others wounded inside the RS&H engineering firm. Law enforcement handled the simulated siege as a worst-case scenario involving officials from Homeland Security, Lynx, the Orange County Sheriff’s Office, Rural Metro and emergency-operations centers in Orlando and Orange County. Hazmat teams donned protective “moon suits,” oxygen tanks and gas masks. Several armored vehicles waited alongside the old arena and Orlando police bomb-squad unit deployed a robot used to detonate explosives. The mock terrorist attack presents a scenario where people could be trapped in a building and afraid to leave.
. January 27, Boston Globe – (Massachusetts) Reminder to clear fire hydrants of snow. The Needham Fire Department in Massachusetts would like residents and business owners to clear snow and ice from fire hydrants in their neighborhood. Due to the many recent snow storms, several fire hydrants are very difficult to locate, and are buried in frozen snow banks. If not shoveled out, the fire department could lose time attempting to dig away through the snow and ice. It is critical to effective firefighting operations that they have immediate access to fire hydrants, and the fire department requests the assistance of the community with this task.
Source: http://www.boston.com/yourtown/news/needham/2011/01/reminder_to_clear_fire_hydrant.html For more stories, see items 16, 19, and 42
. January 28, The Register – (International) UK.gov braces for Anonymous hacklash. U.K. government websites have been warned to brace themselves for website attacks in the wake of the arrest of five Britons as part of an investigation into Anonymous the week of January 23. Members of the Anonymous hacking collective condemned the arrests, arguing that denial of services attacks are a legitimate protest tactic, comparable with staging a sit-in or picketing. In a statement, the group criticizedthe police operation as disproportionate, describing it as “a serious declaration of war from yourself, the U.K. government, to us, Anonymous, the people.” Information security agency GovCertUK has taken this implied threat seriously, issuing an advisorurging government websites to prepare defenses against possible attack.
. January 28, Softpedia – (International) Kapersky anti-virus source code leaks online. The source code for one of Kaspersky’s security suite products has been leakedonline and is available for download from torrent and file hosting websites. According to a description accompanying the release, the sources were stolen from Kaspersky Lain 2008 and the last changes made to them date from December 2007. The code is written in C++ and Delphi and covers the anti-virus engine, as well as the anti-phishing, anti-dialer, anti-spam, parental control, and other modules. It is unknown what version of Kaspersky’s security suite the sources actually correspond to, but 8.0 is the most likely candidate. The Russian vendor’s line of products is now at version 11.0, which is publicly marketed as 2011 and PURE, for the most complete offering.
. January 28, Softpedia – (International) Eight-character password bug identified on Amazon. A password bug has been identified on Amazon, where the casing and everything after the first eight characters is ignored for older access codes. The discussion about this problem was started on Reddit by a user who noticed that Amazon’s system would authenticate him even if he mistyped the ending of his password. Apparently, the issue exists only for access codes longer than eight characters. And, after analyzing the implications, that the impact is quite limited — if an attacker would decide to hack a user whose password is common eight-letter word, they would still need to find out their e-mail addresses. Giving the sheer size of Amazon and the likely protection against brute force attacks, finding even a single match would probably take a lot of time, even with lists of already harvested e-mail addresses. In addition, the password must not have been changed in a long time, because this trick does not appear to work with newer access codes, probably because the source of the bug is an old password hashing algorithm.
. January 27, H Security – (International) 50 million viruses and rising. IT security lab AV-Test registered the 50 millionth new entry into its malware repository January 27. The malware in question is a PDF file which exploits a security hole in Adobe Reader to infect Windows systems. It has not been given a name yet because it has not been fully identified. So far, only the heuristics of Authentium, Eset, F-Prot, Kaspersky, and McAfee have issued a generic message such as: “HEUR:Exploit.Script.Generic.” This new item of malware confirms the trend that attackers trying to infect PCs no longer use mainly the security holes in operating systems or browsers as their point of entry. Instead, malware authors are focusing on third party applications.
. January 27, IDG News Service – (International) FBI executes 40 search warrants in quest for ‘Anonymous’. Police agencies worldwide are turning up the heat on a loosely organized group of WikiLeaks activists. U.K. police arrested five people January 27, and U.S. authorities said more than 40 search warrants have been executed in the United States in connection with December’s Web-based attacks against companies that had severed ties with WikiLeaks. Investigations are also ongoing in the Netherlands, Germany, and France, the FBI said January 27. Acting on information from German authorities, the FBI raided Dallas ISP Tailor Made Services in December, looking for evidence relating to one of the chat servers used by Anonymous. Another server was traced to Fremont, California’s Hurricane Electric. The actions come after Anonymous knocked websites for MasterCard, Visa and others offline briefly by recruiting volunteers to target them with a network stress-testing tool called LOIC (Low Orbit Ion Cannon). LOIC flooded the sites with data, making them unable to serve legitimate visitors.
. January 27, Softpedia – (International) Most computers infected with SpyEye are located in Poland. Security researchers from Trend Micro have recently investigated new developments surrounding the SpyEye crimeware and have discovered that most computers infected with this threat are located in Poland. SpyEye is a sophisticated banking trojan which appeared around a year ago and positioned itself as an alternative to the ZeuS crimeware toolkit. With a similar set of features for a much lower price, SpyEye not only competed with ZeuS for market share, but also removed it from the computers it infected. In a Twitter update, TrendLabs announces that most SpyEye-infected computers are located in Poland, which is unusual giving that most banking trojans usually target users and companies in U.S. and U.K.
. January 26, The H Security – (International) Conficker: Lessons learned report published. The Conficker Working Group has published a report by the Rendon Group, based on work funded by the Department of Homeland Security, on the “Lessons Learned” from the international effort to contain the virulent Conficker worm, a botnet infection that spread throughout the world in 2009. The report, written in the summer of 2010, documents the history of the Conficker worm, from the early reports in November of 2008 through to 2009 when Conficker infections were widely reported. Security researchers started to work together on solving the problems posed by the worm in 2008, a cooperation which eventually became the Conficker Working Group.
Internet Alert Dashboard
To report cyber infrastructure incidents or to request information, please contact US-CERT at sos or visit their Web site: http://www.us-cert.gov Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Web site: https://www.it-isac.org