Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, February 25, 2009

Complete DHS Daily Report for February 25, 2009

Daily Report


 According to the Virginian-Pilot, the State of Virginia for 30 years has wrongly allowed Dominion Virginia Power to discharge hot wastewater into Lake Anna from its nuclear power plant near Richmond, a circuit court judge ruled on February 20. (See item 5)

5. February 24, Virginian-Pilot – (Virginia) Judge: Nuclear plant’s wastewater discharge was wrong. The state for 30 years has wrongly allowed Dominion Virginia Power to discharge hot wastewater into Lake Anna from its nuclear power plant near Richmond, a judge ruled on February 20. Environmentalists hailed the decision by a Richmond circuit court judge. They said it should lead to first-ever regulations of atomic wastewater and cool parts of Lake Anna, a central Virginia landmark known to eclipse 100 degrees on summer days. “This is huge,” said a science director for the Blue Ridge Environmental Defense League. “We and lakeside residents have long believed that Dominion is guilty of thermal pollution.” Such pollution, he said, threatens human health, property values and aquatic life. The court ruling also could complicate a billion-dollar proposal from Dominion to expand its North Anna nuclear power plant by building a third reactor on Lake Anna in Louisa County. While Dominion has recommended an air-cooling system for the new reactor, the project still would influence lake levels and temperatures, said the president of Friends of Lake Anna, a conservation group. The judge turned this interpretation on its ear. The judge instructed the State Water Control Board to draft a new discharge permit for the nuclear station so that the lake never exceeds 89.6 degrees, said a Richmond attorney representing the environmentalists. Source:

 USA Today reports that more than 100 levees in 16 states flunked maintenance inspections in the last two years and are so neglected that they could fail to stem a major flood, records from the U.S. Army Corps of Engineers show. (See item 33)

33. February 24, USA Today – (National) Army Corps cracks down on flunking levees. More than 100 levees in 16 states flunked maintenance inspections in the last two years and are so neglected that they could fail to stem a major flood, records from the U.S. Army Corps of Engineers show. The 114 levees received “unacceptable” maintenance ratings in Corps inspections, meaning their deficiencies are so severe that it can be “reasonably foreseen” that they will not perform properly in a major flood, according to the records, which were requested by USA Today. As a result, the Corps is advising state and local levee authorities that the levees no longer qualify for federal rehabilitation aid if damaged by floodwaters. People who rely on the levees should “be aware that there is reason for concern,” says the head of the Corps’ levee safety program. Source:


Banking and Finance Sector

8. February 24, Quincy Patriot Ledger – (Massachusetts) ‘Phishing’ scam targets South Coastal Bank patrons. An apparent telephone scam attempts to obtain South Coastal Bank customers’ account information. Several Rockland residents, including a bank employee, received the calls, the bank reported on February 23. The recorded message claimed to be from South Coastal Bank. The message said their ATM card had been deactivated and asked them to enter their account information to reactivate the card. The president and CEO of Rockland-based bank said the organization does not know of any customers who gave out their account information. The bank never asks customers for confidential information over the phone, he said. Source:

9. February 23, Bloomberg – (National) U.S. pledges new capital for banks as stress tests to begin. U.S. financial regulators pledged to inject additional funds into the nation’s major banks to prevent their collapse and will this week begin examinations to determine if they have enough capital. “The government will ensure that banks have the capital and liquidity they need to provide the credit necessary to restore economic growth,” the Treasury and other regulators said in a joint statement in Washington on February 23. “The U.S. government stands firmly behind the banking system during this period of financial strain.” Banks that need additional funds after the so-called stress tests that cannot raise the money from private investors will be able to tap additional taxpayer money, the regulators said. Government funds would be in the form of “mandatory convertible preferred shares” that would be exchanged into common equity “only as needed.” Stakes that the Treasury has already bought in lenders, such as Citigroup Inc. and Bank of America Corp., will also be eligible to be changed to convertible preferred shares. The new funds are designed to provide a “temporary” buffer for firms against increased losses during the crisis. Supervisors will start the stress tests on February 25 to assess whether banks have enough capital to withstand “a more challenging economic environment.” Source:

10. February 23, WBNG 12 Binghamton – (New York) Text message scam can wipe out money in minutes. BCT Federal Credit Union in Binghamton opened this morning to some worried customers. The customers received text messages on their cell phones, asking for personal banking information. One individual received two messages saying her debit card had been deactivated and she needed to call a number to reactivate it. “I looked in the phone book actually for the GHS phone number because I knew the phone number they had on here probably wasn’t right and told them I didn’t have an account with them and I got this text message...and they told me it was a scam,” said the woman. BCT said those who provided their personal information instantly had their bank accounts wiped out. A representative of the credit union guesses about 100 peoples’ accounts were wiped out. Individuals who received the message said they had received texts claiming they are GHS, BCT and Empower Federal Credit Unions. These institutions said they would never send anyone a text message asking for personal information. Source:

11. February 23, Shelby Star – (North Carolina) Scam targets area texters. A suspicious text message has been sent to Shelby-area cell phone customers claiming that their account has been closed and instructing them to call a phone number. One individual says he received the text message from “,” and called the phone number. When he did, a recording, allegedly from Fleet Bank, alerted him that there was suspicious activity to his bank account. But this individual did not have an account at Fleet Bank and when the recording instructed him that they needed his credit card number, he hung up. In December 2008, the Star reported a similar scam popped up in West Virginia. Vague messages implore the recipient to reactivate their bankcard. Account information required, of course. At that time, police said they had yet to hear reports of it occurring in Cleveland County. The Cleveland County Sheriff’s Office said this scam mirrors several scams that are targeting locals. A captain with the sheriff’s office said residents should never give out their credit card information, personal information or bank account information to unknown people. Source:

12. February 23, – (National) Credit unions confirm new processor credit card breach. A payment processor is in the process of identifying the extent of damage caused by a malicious program discovered in its systems exposing credit and debit card numbers. MasterCard and Visa are issuing information to banks and credit unions about credit and debit card accounts that were exposed in the data security breach of a second payment processor in less than two months. The Pennsylvania Credit Union Association and the Tuscaloosa, Alabama VA Federal Credit Union posted messages on their Web sites explaining that a breach investigation is ongoing. Both Visa and MasterCard are declining to name the processor while a forensics team investigates the breach. Investigators are also trying to find a link between the latest breach and the recently announced Heartland Payment Systems breach, a credit union official said under condition of anonymity. Visa began releasing information to banks and credit unions about affected accounts on February 9. A vulnerability left potentially thousands of credit and debit card numbers exposed for a period between February 2008 through January 2009, according to an alert issued by the Tuscaloosa VA Federal Credit Union. “We have not been notified that any of our cardholders have fraudulent activity due to this compromise,” the message stated. “While it has been confirmed that malicious software was placed on the processor’s platform, there is no forensic evidence that accounts were viewed or taken by the hackers.” Credit union officials said it appears the breach is not as serious as the Heartland breach. Source:,289142,sid185_gci1348856,00.html

Information Technology

29. February 24, IDG News Service – (International) Attackers targeting unpatched vulnerability in Excel 2007. Microsoft’s Excel spreadsheet program has a 0-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec. A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed. The problem affects Excel 2007 and the same version of that program with Service Pack 1, according to an advisory on SecurityFocus, a Web site that tracks software flaws. Other versions of Excel may also be affected, it said. The program’s vulnerability can be exploited if a user opens a maliciously-crafted Excel file. Then, a hacker could run unauthorized code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls “Trojan.Mdropper.AC.” That Trojan, which works on PCs running the Vista and XP operating systems, is capable of downloading other malware to the computer. Microsoft said it is only aware of “limited and targeted attacks” and that it would release more information on February 24. Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has spent much effort into making its Vista OS more secure. Source:

30. February 23, ComputerWeekly – (National) U.S. publishes National Cybersecurity Strategy critical security controls. The U.S. has published a draft list of critical security controls to protect key national information systems from cyber attack. The move is the first step towards creating a comprehensive U.S. national cyber security strategy as recommended by a special advisory commission. The Center for Strategic and International Studies (CSIS), a Washington-based think tank, set up the commission in August 2007 after a series of cyber attacks on critical information systems. The CSIS Commission on Cybersecurity is tasked with advising the U.S. President’s government on how to protect federal information systems and critical infrastructure from attack. The draft controls, known as the Consensus Audit Guidelines, are based on input from 10 federal agencies, Mitre Corporation, Sans Institute, and two penetration testing and forensics firms. The Consensus Audit Guidelines (CAG) project was started in 2008 after data losses by leading U.S. defense industry firms. The goal was to draw up a risk-based standard to counter all known types of cyber attack. “This is the best example of risk-based security I have ever seen,” said the director of research at the Sans Institute. Source:

31. February 23, Computerworld – (International) Adobe flaw has been used in attacks since early January. A dangerous and unpatched vulnerability in Adobe Systems Inc.’s PDF-reading software has been around a lot longer than previously realized. The Adobe Reader flaw, which was first reported recently, has caused concern because the bug is easy to exploit and Adobe is not expected to patch it for several weeks. A vulnerability researcher at intrusion-prevention vendor Sourcefire Inc. posted a patch for the flaw on February 22. But the unsupported patch applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees that it will actually work. Security researchers at Symantec Corp. told Adobe about the flaw, which also affects the vendor’s Acrobat software, on February 12. But on February 23, Sourcefire said an analysis of its malware database showed that attackers have been exploiting the flaw for more than six weeks. Sourcefire has found samples of exploit code dating back to January 9, said the company’s senior director of vulnerability research. To date, the flaw has been used in small-scale attacks targeted against specific individuals, according to security researchers. Symantec, for example, said it has tracked only 100 attacks thus far. But that number has been increasing since exploit code for the flaw, which affects both Windows and Macintosh users, was made public. Source:

Communications Sector

Nothing to report.