Department of Homeland Security Daily Open Source Infrastructure Report

Friday, May 29, 2009

Complete DHS Daily Report for May 29, 2009

Daily Report

Top Stories

 According to the Washington Post, a statewide SWAT team exercise at a firing range on the secured grounds of a nuclear power plant in Southern Maryland was halted this month after stray bullets shattered glass and struck a command center near the plant’s reactors, officials said on Wednesday. (See item 6)

6. May 28, Washington Post – (Maryland) Shots from range hit near Md. nuclear plant. A statewide SWAT team exercise at a firing range on the secured grounds of a nuclear power plant in Southern Maryland was halted this month after stray bullets shattered glass and struck a command center near the plant’s reactors, officials said on May 27. Reactor safety at the Calvert Cliffs plant in Lusby was never compromised, according to the U.S. Nuclear Regulatory Commission (NRC) and Constellation Energy Group, which operates the facility. But Constellation closed the range, a popular training site for local law enforcement agencies, pending investigations by plant security and the Calvert County Sheriff’s Office, which hosted the exercise. At least five bullets escaped the firing range and traveled more than a half-mile before striking buildings and a vehicle near the reactors, according to the NRC, Constellation and the sheriff’s office. One struck the plant’s “outage control center,” which is used as a command area to orchestrate refueling efforts. Another hit an employee’s sport-utility vehicle in the parking lot. Three others struck an office facility: Two of them hit the roof, and one shattered the outer pane of a first-floor window. Employees were working in both buildings at the time, said a Constellation spokeswoman. The bullets did not penetrate either structure, she said. Investigators are conducting ballistics tests to determine which officer fired the stray shots. Source:

 The Poughkeepsie Journal reports that a standoff Wednesday at the Dutchess County, New York Sheriff’s headquarters shut down streets in Poughkeepsie for hours, with area police agencies responding to the crisis. Visitors to the Dutchess County jail, which is connected to the Sheriff’s Office, were evacuated from the jail. (See item 32)

32. May 28, Poughkeepsie Journal – (New York) Standoff in upstate NY ends with suspect’s suicide. A suspect in a rape case wrested a gun from a Dutchess County, New York sheriff’s detective during questioning and fatally shot himself three hours after he wounded a detective and then barricaded himself in an office at sheriff’s headquarters, the county sheriff said. The undersheriff said a bullet grazed the detective on the side of his head. He was treated at St. Francis Hospital and released. This standoff was apparently unprecedented, as local law enforcement officers with decades of experience could not recall a similar incident in Dutchess or Ulster counties. The incident shut down streets in the city for hours, with area police agencies responding to the crisis. Visitors to the Dutchess County jail, which is connected to the Sheriff’s Office, were evacuated from the jail. City of Poughkeepsie Police Department Mobile Command Unit, emergency services from the city and town of Poughkeepsie, as well as the sheriff’s emergency service unit were on the scene. Members of the FBI were seen, too. The undersheriff said the Sheriff’s Office was continuing its investigation of the incident. He said deputies had been trained to respond to such emergencies. “We have a protocol, and it was followed,” the undersheriff said. Source:


Banking and Finance Sector

12. May 27, BBC News – (National) Number of problem U.S. banks soars. The number of problem U.S. banks jumped 40 percent to a 15-year high in the first three months of the year, a government watchdog has warned. A total of 305 banks had financial woes in January-March, up from 252 in October-December, said the Federal Deposit Insurance Corporation (FDIC). The increase came as banks continued to grapple with bad mortgage and credit card debt amid the recession. At the same time, industry-wide banking profits also rose in January-March. The FDIC said profits across the industry hit $7.6 billion in the first quarter of 2009, led by higher revenues at the biggest banks as their trading performance recovered. This profit compares with a record loss of $36.9 billion for October-December, but is still down 61 percent on the $19.3 billion profit record for January-March last year. Source:

13. May 26, Ashville Citizen-Times – (North Carolina) Area ASB customers targeted in phone scam. Asheville Savings Bank has been made aware of a phone scam targeting area residents to gain personal information. The phone scam has several variations and uses both a live person and automation. Customers have been told their account has been compromised and additional information such as debit card numbers and other personal information is needed. ASB advises consumers to avoid providing these callers with any information. Supplying this information can lead to identity theft. The amount of information they currently have is not enough to do any harm. If you have received one of these phone calls and gave out your information please contact your bank. Criminals using phone scams are looking for unsuspecting individuals who will give them important information such as Social Security Numbers, dates of birth, credit card numbers or bank account numbers. Once they have your information, they use it to make fraudulent purchases, obtain credit or access bank accounts. Source:

14. May 26, WMGT 41 Macon – (Connecticut) Phone scam targets all 22,000 residents of Connecticut town. An entire Connecticut town has found itself the target of phone scammers. The calls started coming on May 24. Police in Guilford, Connecticut believe by the time they were done every land line telephone in the town of 22,000 residents received a call. The automated call is a female voice claiming to be from Guilford Savings Bank. It prompted those on the other end of the line to enter bank card and PIN numbers, along with their card’s expiration date. So far, police and bank officials aren’t aware of anyone who entered their personal information. Guilford police said this appears to be a complex scam that involves hacking into various business telephone lines from across the country. The calls appear to be generated from companies, but the businesses are not involved in the fraud, police said. The bank is encouraging anyone who offered personal information over the phone to contact them immediately. Source:

Information Technology

34. May 28, – (International) RIM patches serious BlackBerry Attachment Service flaws. Research In Motion issued an update to the BlackBerry Enterprise Server correcting serious PDF handling flaws. The flaws could be found in BlackBerry Enterprise Server software version 4.1.3 through 5.0. and BlackBerry Professional Software 4.1.4. The vulnerabilities are potentially very serious. They carry a Common Vulnerability Scoring System (CVSS) score of 9.3, RIM said. Security update 4 has been released. For BlackBerry Enterprise Server version 4.1x and 5.0 users. A separate security update has been released for affected BlackBerry Professional Software versions. RIM has had ongoing security issues with its PDF distiller. The smartphone maker issued an update correcting flaws in the BlackBerry Attachment Service in April. Separate updates were released in January and in July 2008 to correct flaws. Source:,289142,sid14_gci1357385,00.html#

35. May 26, ZDNet – (International) Twitter API ripe for abuse by Web worms. A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as a researcher points out, it is much easier to misuse the Twitter API as a “weak link” to send worms squirming through Twitter. The researcher, well-known for his research work on browser and Web application vulnerabilities, draws attention to the fact that a single vulnerability on any of the third-party services (Twitpic, etc.) that use the API can trigger the next Twitter worm. Source:

Communications Sector

36. May 27, Dow Jones Newswires – (National) AT&T: Smartphones choke networks. AT&T’s Chief Executive said on May 27 that U.S. wireless networks are not prepared for the surge in Smartphone use that has already shown signs of choking their networks. He defended his company’s wireless network’s performance, though, which has come under fire for not being prepared for the popularity of Apple Inc.’s (AAPL) iPhone, which the company sells on an exclusive basis in the U.S. Wireless capacity is an increasingly tough issue that carriers must wrestle with, particularly as their subscribers clog the network by surfing the Web, downloading video and texting on their Smartphones. On May 27, AT&T laid out plans to upgrade the speed and capacity of its wireless network, which includes adding cellular sites, bolstering the underlying ground infrastructure, and tapping into more powerful wireless spectrum. Last year, it spent more than $9 billion to further stockpile spectrum. AT&T plans to begin the improvements later this year and finish in 2011. The Dallas carrier also said it would hold trials for fourth-generation, or 4G, wireless technology in 2010, with deployments slated for the following year. Source:

No comments: