Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, December 24, 2008

Complete DHS Daily Report for December 24, 2008

Daily Report


 According to the Los Angeles Times, federal inspectors said Monday that they will ratchet up scrutiny of the San Onofre nuclear plant in California after discovering that a battery meant to power safety systems had been inoperative for four years. (See item 4)

4. December 23, Los Angeles Times – (California) San Onofre nuclear plant under tighter federal scrutiny. Federal inspectors said Monday they will ratchet up scrutiny of the San Onofre nuclear power plant after discovering that a battery meant to power safety systems had been inoperative for four years. Plant personnel discovered in March that bolts connecting an emergency battery to a circuit breaker were loose, a problem the U.S. Nuclear Regulatory Commission attributed to poor maintenance. The commission said that the twin-reactor plant near San Clemente, run by Rosemead-based Southern California Edison, remains safe, and that other backup batteries are functioning. But the commission expressed concern that the battery problem had gone unnoticed from 2004 to 2008. Apart from the battery, the commission discovered seven additional safety flaws that it described as minor in themselves — including poor documentation and inconsistent follow-up on potential problems — but that taken together formed a troubling picture. As a result, the commission issued a “white finding,” characterized as a low- to moderate-level safety concern, and said it will step up inspections at San Onofre until it sees improvements. In a news release, Edison said it accepted the commission’s findings and promised to ramp up “the rigor needed in problem identification and resolution.” Source:,0,4905009.story

 The Washington Post reports that a massive underground pipe rupture on Tuesday in Montgomery County, Maryland, flooded a road with 4 feet of water, trapping motorists and blocking a major commuter artery. (See item 17)

17. December 23, Washington Post – (Maryland) Motorists rescued after massive water main break. In Montgomery County, Maryland, a massive underground pipe rupture flooded River Road with 4 feet of rapidly swirling water Tuesday morning, trapping motorists and blocking a major commuter artery. The break caused “widespread water outages” in school buildings across lower Montgomery County, officials said, affecting the heating system in some cases as well. More than 100 customers were without water, a spokesman for the Washington Suburban Sanitary Commission said. He said the rupture did not affect the safety of the county water supply. The 66-inch water pipe burst shortly before 8 a.m., sending a 4-foot wall of water onto River Road in Bethesda and trapping 15 people in about a dozen vehicles. The spokesman said the depth and speed of the current made it too dangerous for workers to reach the site where the 44-year-old pipe had ruptured and turn off the valve. Instead, workers had cut the supply from the Potomac Filtration Plant to reduce the amount of water flowing through the pipe, which is a direct line from the plant. They had located two valves up the line from the break and were trying to close them in order to stop the water entirely, he said. The flow had subsided substantially by 11:30 a.m. There was no initial information on why the large pipe might have ruptured, but age and extreme weather are often factors in such breaks. Source:


Banking and Finance Sector

8. December 22, Times-Picayune – (Louisiana) Telephone scam cons 450 in Jefferson Parish of credit card information. More than 450 residents have received telephone calls from credit card scammers who used phony automated messages to con victims out of account information over the weekend, a spokesman for the Jefferson Parish Sheriff’s Office said. And it seems the scam has gone national, with reports of similar mass messages left on the telephones of residents in Atlanta, Georgia; Richmond, Virginia; and Dallas, Texas according to a spokesman for the Jefferson Parish Sheriff’s Office. The sheriff issued a formal warning about the scam Sunday. As of Monday morning, investigators had found only 14 people who actually gave up personal information. The calls apparently began as early as Thursday night. The scammers would dial up home telephones and even wireless phones and play a recorded message from a person purporting to be from the Jefferson Parish Sheriff’s Office, the Jefferson Parish Federal Credit Union, or a security firm, according to authorities and victims. Source:

9. December 22, San Jose Mercury News – (California) Key Fry’s executive arrested in alleged $65 million fraud scheme. A one-time computer salesman who rose through the ranks to help build Fry’s Electronics into a robust national retailer is facing allegations that he defrauded the San Jose-based company out of $65 million. The 42-year-old, who has been Fry’s vice president of merchandising and operations, appeared in federal court Monday, where prosecutors filed a complaint that alleges he was involved in a “secret kickback scheme to defraud Fry’s Electronics of millions of dollars.” Fry’s executives did not know about the illegal kickbacks, the federal complaint states. The alleged scheme occurred from 2005 until mid-October when a Fry’s high-level employee walked into the defendant’s office and saw confidential spreadsheets, letters, and extraordinarily high commission amounts on the defendant’s desk. The defendant is expected to be formally charged in U.S. District Court on January 15, on counts of money-laundering and wire fraud. Source:

10. December 22, Associated Press – (Massachusetts) Subway fare hackers to partner with transit agency. A trio of Massachusetts Institute of Technology students who found a way to hack into the Boston subway system’s payment cards have agreed to partner with transit officials there to make the system more secure. The Electronic Frontier Foundation announced the agreement Monday, two months after the Massachusetts Bay Transportation Authority (MBTA) dropped a lawsuit against the students. The students have argued all along they were trying to help the MBTA by giving it advance notice of their planned talk last summer and keeping specific details of their hack secret. But the MBTA worried of widespread fare fraud if students discussed how they were able to add hundreds of dollars in value to MBTA’s two primary payment cards. Source:

Information Technology

22. December 22, IDG News Service – (International) Microsoft warns of SQL attack. Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software. Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005. Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said. Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said. The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April. Source:

23. December 22, Network World – (International) Small laptops pose big threat. Ultraportable laptops come with built-in compromises. Security weaknesses are directly attributable to the machines’ diminished technology. “This is a threat that IT managers are just beginning to recognize,” says a security analyst at Lazarus Technologies Inc. Minimized hardware resources force ultraportables to cope with weakened system software. Most models ship with a stripped-down Linux operating system or, in some cases, Microsoft Corp.’s previous-generation operating system, Windows XP. Newer and more capable operating systems, which also tend to have the latest internal security safeguards, demand processing and storage power that ultraportables typically lack, the analyst notes. Ultraportables’ reduced resources also limit their ability to run add-on security software, such as data encryption and anti-malware tools. With processing power, internal memory, and storage space all at a premium, it can be difficult — sometimes impossible — to squeeze security software onto an ultraportable. “As a result, the machines are often sent out into the world with little or no protection,” he says. Other key security features are often absent on ultraportables. “Many, if not most, [ultraportables] are sold without Trusted Platform Modules because they are targeted at the consumer market,” says an analyst at Enderle Group in San Jose. “This means they either don’t have encryption solutions or the solutions aren’t that robust.” Enderle also notes that most ultraportables are not designed to be managed centrally and therefore cannot have their solid-state drives remotely wiped clean of data in the event of loss or theft. Source:

Communications Sector

24. December 22, Digital Trends – (International) Repairs underway on Mediterranean cables. Operations are underway to repair three undersea telecommunications cables that were damaged in the Mediterranean Sea over the weekend, disrupting telephone and Internet service in parts of the Middle East and south Asia. However, this time the cause of the cable cuts is suspected to be a ship’s anchor, rather than a deliberate act or terrorism or sabotage. The damage to the FLAG, SEA-ME-WE4, and SEA-ME-WE3 cables occurred late Friday; by Sunday a remotely-operated submarine robot was being used to locate and assess the damage to the cables. It is possible a ship anchor could

have dragged the cables some distance from their proper locations. Once the damage areas have been located and identified, the remote robot will bring the cables up to a repair ship which will repair the damage and then re-lay the cables on the ocean floor. Source: