Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, May 26, 2009

Top Stories

 Reuters reports that Unit 1 at Exelon Corp.’s LaSalle nuclear power station in LaSalle County, Illinois automatically shut from full power on May 21 due to a main power transformer fault that caused a small fire. (See item 7)

7. May 22, Reuters – (Illinois) Exelon Ill. LaSalle 1 reactor shut due to transformer. Unit 1 at Exelon Corp.’s LaSalle nuclear power station in LaSalle County, Illinois automatically shut from full power on May 21 due to a main power transformer fault that caused a small fire. A spokesman could not say how damaged the transformer was, or when the unit might return to service. The problem was caused by a lightning deflector. A team was investigating the cause of the failure, the spokesman said. He said there was no lightning in the area at the time of the equipment failure. The fault caused a small fire that was put out in about 10 seconds by an automatic fire suppression system. As a precaution, operators reduced Unit 2 output and called the local fire department. The fire department was not needed, however. Electricity traders said, if Exelon needs to replace the transformer, the unit could remain out for a week or more, depending on whether a spare transformer is available on site. The spokesman could not say whether there was a spare transformer on site. There are four working transformers at LaSalle, two for each unit. Source:

 According to the Associated Press, law enforcement computers were struck by a mystery computer virus on May 21, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution. (See item 28)

28. May 21, Associated Press – (National) Computer virus strikes U.S. Marshals, FBI affected. Law enforcement computers were struck by a mystery computer virus on May 21, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution. The U.S. Marshals confirmed it disconnected from the Justice Department’s computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem. “At no time was data compromised,” said a U.S. Marshals spokeswoman. The type of virus and its origin were not determined. Source:


Banking and Finance Sector

13. May 22, Atlanta Journal-Constitution – (Georgia) Investment firm’s chief pleads guilty to fraud. The head of an Alpharetta firm, CRE Capital, that claimed hefty profits from trading Japanese and American currencies, pleaded guilty May 21 to his role in a Ponzi scheme. The 48-year-old executive from Atlanta defrauded more than 100 people out of more than $25 million, according to federal prosecutors. The executive pleaded guilty to one count of wire fraud before a U.S. District Judge in Atlanta and is to be sentenced July 30. CRE Capital offered investment contracts of at least $100,000 that guaranteed the investor’s deposit plus 10 percent interest within just 30 days. Instead of making profits, they lost millions of dollars. The executive repaid some investors, but the scheme was unsustainable and shut down by the Securities and Exchange Commission in January, prosecutors said. Source:

14. May 21, Bloomberg – (California; Delaware; Florida) SEC sues eight in three states in penny stock ring. The U.S. Securities and Exchange Commission (SEC) sued eight people in Florida, California and Delaware, claiming they generated more than $6.2 million in illicit profits by manipulating stock prices in four companies. The group allegedly pumped up prices of GH3 International Inc., Asia Global Holdings Inc., Playstar Corp. and Xtreme Motorsports of California Inc., the SEC said today in a statement. Delaware’s Acting U.S. Attorney separately announced indictments in the case. A 24-year-old man of Newark, Delaware, is accused of carrying out the scheme with people he met through a penny stock Web site called, operated by a 26-year-old man out of Aliso Viejo, California, according to the SEC complaint filed May 20 in federal court in Wilmington, Delaware. The group timed manipulative trading to coincide with false and misleading press releases purportedly issued by the companies to “hype the stock,” the SEC said in its statement. Source:

15. May 21, Wall Street Journal – (National) Congress raises FDIC limits. On May 19, Congress signed off on allowing the Federal Deposit Insurance Corp. (FDIC) to borrow as much as $100 billion from the Treasury Department and extending the agency’s new deposit-insurance limit of $250,000 through 2013. While the move increases the FDIC’s potential liability, the agency’s enhanced financial maneuverability is expected to help quell fears about the rising cost of bank failures, which have drained the agency’s fund. The President is expected to sign the legislation into law in coming days. The legislation also keeps in place the $250,000 insurance limit created last year when depositors were pulling funds from banks across the country due to fears about the solvency of U.S. financial institutions. The higher limit was set to expire at the end of 2009 and fall back to $100,000 for depositors in most cases. The bill addresses a range of other issues as well. It would make it easier for borrowers to qualify for federal foreclosure-prevention programs, give loan servicers more protection from investor lawsuits once mortgages are modified, and provide the Government Accountability Office with more powers to investigate the way the Treasury and Federal Reserve use funds from the Troubled Asset Relief Program set up in October to buoy the financial sector. Source:

16. May 21, Associated Press – (National) Treasury IG: ‘Inappropriate’ backdating at thrifts. The Treasury Department’s watchdog has uncovered improper backdating of cash infusions at six thrifts including IndyMac, in an investigation that already has prompted the removal of the federal thrift agency’s acting director. Federal regulators were aware of the backdating at two of the thrifts, and directed or authorized those institutions to do it, the Treasury’s inspector general said in a report on May 21. Pushing back the dates of the infusions can allow banks to meet quarterly government requirements for capital reserves. The $18 million backdated capital injection by its parent to IndyMac Bank — a California-based savings and loan that failed in July and cost the federal deposit insurance fund nearly $9 billion — came to light in December. The new report detailed similar instances at five other thrifts, which were not named. One of them is in the West, three are in the Southeast and one is in the Northeast. In its response to the inspector general’s report, the Office of Thrift Supervision said it has taken action to ensure that its staff fully understands the accounting requirements for capital contributions to banks from their parent companies. Source:

17. May 21, CNN Money – (Florida) Florida bank collapses — firms swoop in. A consortium of private equity firms has acquired BankUnited FSB in Florida after the savings and loan was shut down by federal regulators on May 21. The 34th bank to fail this year and the largest so far, BankUnited had $12.8 billion in assets, $8.6 billion in deposits and 85 branches. The new institution will be named BankUnited. The Federal Deposit Insurance Corp. (FDIC) will share in losses on about $10.7 billion in assets. The bank’s new owners will inject $900 million in new capital into the Coral Gables, Florida-based institution. The FDIC estimates it will take a $4.9 billion hit to its deposit insurance fund. The deal is the second involving private investors and a failed bank, and comes five months after a consortium acquired IndyMac. Source:

Information Technology

33. May 21, SC Magazine – (International) Experts offer tips to deal with Gumblar malware. A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive. Gumblar has spread rapidly because malicious JavaScript on compromised sites seems to be dynamically generated. That is, it can be different on every site, or even every page on a site. “This is just the most recent example of legitimate sites being exploited to spread malware,” a Cisco security product manager told on May 21. “What is unique to Gumblar is that it uses a multi-phased approach to propagate itself. It does not just deliver malware to the end-user.” Cisco offers five tips to enterprises and Web sites to deal with the problem: Make sure security protection is implemented for Web servers and Web applications. Also, educate and alert users to pay attention to pop-ups that warn them if they are about to proceed to a questionable site. In addition, it is important to include client-side protection to establish a layered defense. Organizations also should install gateway security that is capable of drilling down into every Internet access request. And make sure perimeters are secured with auditable firewalls. Source:

34. May 20, All Things Distributed – (International) Expanding the cloud: Moving large data sets into Amazon S3 with AWS Import/Export. Processing large amounts of data has become commonplace. Where this used to be the domain of Physics and Biotech researchers or maybe business intelligence, now increasingly other domains such as social sciences, psychology, history, even e-commerce are being driven by large datasets. Also in the systems management domain, data sets are growing faster and faster; consequently, backup and disaster recovery have to deal with increasingly large sets. Log files and monitoring also spew out more and more relevant data. Many customers have large datasets and need to move them into storage services and process them in Amazon EC2. However, moving these large datasets over the network can be cumbersome. Depending on the network throughput available and the data set size, it may take rather long to move data into Amazon S3. To help customers move their large data sets into Amazon S3 faster, Amazon offers the ability to do this over its internal high-speed network using AWS Import/Export. AWS Import/Export allows a user to ship data on one or more portable storage devices to be loaded into Amazon S3. For each portable storage device to be loaded, a manifest explains how and where to load the data, and how to map files to Amazon S3 object keys. After loading the data into Amazon S3, AWS Import/Export stores the resulting keys and MD5 checksums in log files so that a user can check whether the transfer was successful. AWS Import/Export is of great help to many users who have to handle large data sets. Source:

Communications Sector

35. May 21, IDG News Service – (International) DNS attack downs Internet in parts of China. An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on May 20. Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China’s telecommunications networks, China’s IT ministry said in a statement on its Web site. The incident revealed holes in China’s DNS that are “very strange” for such a big country, said the head of Kaspersky’s Virus Lab in China. Internet access returned to normal in the late night several hours later, according to the government statement. Source:

36. May 21, News of the North – (Wisconsin) Wireless Internet to penetrate Oneida County. The Oneida County Board approved a loan on May 20 that should help to jump start access to high-speed Internet service for county residents. The approved resolution will allow the county to borrow from the Trust Funds of the State of Wisconsin “the sum of up to $200,000 for the purpose of reloaning for the development, construction and establishment of eight broadband towers to promote economic development and education opportunities.” SonicNet is already providing service in the Phelps, Three Lakes and Eagle River areas, using wireless technology. A SonicNet representative told board members that because of Oneida County’s geographical features of rocky soils and an abundance of forested land, wireless was a much easier and less expensive option than running cable. “We are focusing on bringing service to people who have no other option than dial-up, not compete with existing service,” he said. He also said the loan would pay for the company to install eight towers across the county, at a cost of $20,000 each. An additional $40,000 would be a “contingency” for clearing and unforeseen circumstances. The new towers would go above the trees and emit a signal in a radius. Source:

37. May 20, The Register – (Illinois) Microsoft consumes Chicago data center. Microsoft is apparently getting set to buy a data center in the Chicago suburb of Northlake, nicknamed CH1, from data center operator Ascent, giving Ascent a chance to build a new facility called CH2 that will piggyback on the power and connectivity capabilities that Microsoft is using. The CH1 facility is where Microsoft is building its first containerized data center, a design that crams servers, storage, and other IT gear into shipping containers to pack that gear in tightly and cheaply. The Northlake data center was supposed to have from 150 to 220 of the standard 40 foot containers jam packed with gear, perhaps several hundred thousand servers in total. It is not clear if Microsoft has, in fact, deployed containers in the CH1 facility. According to a report in Crain’s Chicago Business, Microsoft has worked out a deal with Ascent to buy the 707,244 square foot CH1 facility for “more than $185m.” The CH2 data center that will be down the road from CH1 weighs in at 250,000 square feet and will employ the same “data center suites” concept that, in the end, proved to be unnecessary at the CH1 facility since Microsoft wanted all of the capacity at the site once it took a look around at its options in Chicago. Source: