Department of Homeland Security Daily Open Source Infrastructure Report

Monday, June 29, 2009

Complete DHS Daily Report for June 29, 2009

Daily Report

Top Stories

 According to the Cleveland Plain Dealer, an electrical explosion on June 25 outside the Davis-Besse nuclear reactor building near Port Clinton, Ohio has shut down a transformer controlling one of two high-voltage power lines connecting the power plant to emergency external power. (See item 6)


6. June 26, Cleveland Plain Dealer – (Ohio) Electrical explosion shuts down transformer at Davis-Besse nuclear power plant. An electrical explosion outside the Davis-Besse nuclear reactor building near Port Clinton, Ohio has shut down a transformer controlling one of two high-voltage power lines connecting the power plant to emergency external power. No one was hurt, and no radioactive materials were involved, plant owner FirstEnergy Corp. told the Nuclear Regulatory Commission in a report June 26. Davis-Besse is continuing to generate power, for now. The “catastrophic failure-explosion” of an electrical current monitoring device on the transformer occurred early June 25, according to the report. The failure means the reactor is operating with only one source of outside power that might be needed in the event of a reactor emergency. But NRC regulations require two, separate outside power sources at all times as well as two onsite diesel generators for emergency power. FirstEnergy must shut down the reactor in 72 hours — early June 28 — if crews cannot replace the device and re-energize the transformer and outside line. The company did not promptly report the incident, according to the filing, because “the severity of the…failure was not recognized because of the nighttime conditions and minimal lighting in the area.” FirstEnergy said it believes the explosion was “likely a result of equipment failure and not the result of any equipment tampering.” A plant spokesman said crews had not found any other damaged equipment and expected to complete repairs June 26. NRC inspectors are also investigating. Source: http://www.cleveland.com/business/index.ssf/2009/06/electrical_explosion_shuts_dow.html


 The Philadelphia Inquirer reports that the Southeastern Pennsylvania Transportation Authority will inspect automatic train-control signals on the Market-Frankford Line made by French manufacturer Alstom S.A., the same company that made the signals on the Metro in Washington D.C., where a possible signal malfunction is under investigation in the June 22 train collision. (See item 8)


8. June 26, Philadelphia Inquirer – (Pennsylvania; International) SEPTA to inspect signals like those in D.C. crash. Southeastern Pennsylvania Transportation Authority (SEPTA) will inspect automatic train-control signals on the Market-Frankford Line made by the same company that made the signals on the Metro in Washington D.C., where a possible signal malfunction is under investigation in the June 22 deadly train collision. The electronic signal circuits along the tracks tell passing trains when to stop or slow down. The signals on the Market-Frankford Line, like those in Washington and many other U.S. cities, were made by Alstom S.A., a large French manufacturer of transportation equipment and power plants. National Transportation Safety Board (NTSB) investigators in Washington are focusing on the signal circuits in a 740-foot stretch where the collision killed 9 people and injured about 80. Testers found “anomalies” with those circuits, NTSB officials said. “Whether trains are operated in automatic or manual, these circuits are vital,” said a spokeswoman of the NTSB. “We’re particularly interested in the speed commands that might be sent from that circuit when there’s a train standing on that circuit.” In Philadelphia, crews will inspect all the circuits on the 13-mile Market-Frankford Line, said SEPTA’s assistant chief engineer for communications and signals. There are about 50 signal circuits on the Blue Line, he said. Source: http://www.philly.com/inquirer/local/pa/20090626_SEPTA_to_inspect_signals_like_those_in_D_C__crash.html


Details

Banking and Finance Sector

12. June 25, Boston Globe – (Massachusetts; New York) Investment manager pleads guilty in a $9 million fraud. A 65-year-old Massachusetts investment manager pleaded guilty on June 24 to securities fraud for running a Ponzi scheme that cost 70 investors, many from the Bay State, about $9 million. The guilty party faces up to 20 years in jail and $5 million in penalties after settling the criminal charges with federal officials in New York. He also settled similar civil charges with the Securities and Exchange Commission, in which he agreed to repay more than $8.7 million. Officials have not yet determined whether he has money or other assets to repay his victims. And he could face additional fines, a SEC spokesman said. “We’ll try to find whatever can be recovered in order to [get it] to the investors,” he said. The guilty party promised investors consistently high returns. He told them his River Stream Fund had earned about 20 percent a year since 2001, using a trading strategy based on short-term market trends, authorities said. In fact, River Stream lost money or had minimal returns most of the time, paid as much as $9 million in bogus profits, and returned capital to investors with money given to him by other investors, according to court documents. Meanwhile, he took more than $2.5 million in fees for himself. Before his fund collapsed in April 2008, the guilty party claimed it held about $18 million, when in reality it had only $101,600, according to prosecutors. Source: http://www.boston.com/business/articles/2009/06/25/investment_manager_pleads_guilty_in_a_9_million_fraud/


Information Technology


27. June 26, SoftPedia – (International) Over 2.7 billion vulnerable programs installed on U.S. computers. Reputed Danish vulnerability intelligence provider Secunia has recently released version 1.5 of its free Personal Software Inspector (PSI) application. Statistics gathered by the software reveal frightening numbers, such as 2,720,800,000 vulnerable programs being installed on U.S. computers. Secunia PSI is a free application that scans the programs installed on a computer in order to determine if they are affected by any security vulnerabilities. In order to make this assessment, PSI queries the company’s database of security advisories, one of the most complete in the world. If an application is found to be vulnerable, PSI verifies if any update or newer version that might fix the issue is available and provides the user with a direct download link to it. The tool also tags programs that reached their end of life and are no longer supported by their developers, as a security risk. According to Secunia, there is an estimated number of 227 million Internet users in the United States, out of which about 400,000 have scanned their computers with PSI. The company notes that PSI users currently have an average of four unpatched programs installed, while the average U.S. Internet users have 12 such applications on their computers. “The fact that US based PC users have more than 2.7 billion vulnerable programs installed are shocking! And quite frankly I am very surprised, we had an idea it would be bad, but couldn’t imagine the enormous scope of this problem. And to make things even worse, the picture formed in the US is the same all over the world,” the manager of Secunia’s PSI Partner Program noted. Secunia’s statistics seem to be consistent with the malware distribution trends observed in recent times. Cyber-criminals have come to rely more and more on vulnerabilities in order to infect computers — and not just the ones affecting the Windows operating system itself, but other popular programs as well, such as Adobe Flash Player, Adobe Reader, Mozilla Firefox, Opera, Internet Explorer, PowerPoint, Word, and so on. Source: http://news.softpedia.com/news/Over-2-7-Billion-Vulnerable-Programs-Installed-on-US-Computers-115129.shtml

For another story, see item 28, below

Communications Sector

28. June 26, BBC News – (International) Web slows after Jackson’s death. The internet suffered a number of slowdowns as people the world over rushed to verify accounts of an extremely popular entertainer’s death. Search giant Google confirmed to the BBC that when the news first broke it feared it was under attack. Millions of people who Googled the star’s name were greeted with an error page rather than a list of results. It warned users “your query looks similar to automated requests from a computer virus or spyware application.” “It’s true that between approximately 2:40 p.m. Pacific and 3:15 p.m. Pacific, some Google News users experienced difficulty accessing search results for queries related to the entertainer and saw the error page,” said a Google spokesman. Google’s trends page showed that searches for the entertainer had reached such a volume that in its so called “hotness” gauge the topic was rated “volcanic.” Google was not the only company overwhelmed by the public’s clamor for information. The microblogging service Twitter crashed with the sheer volume of people using the service. According to initial data from Trendrr, a Web service that tracks activity on social media sites, the number of Twitter posts on June 25 containing the entertainer’s name totaled more than 100,000 per hour. Keynote Systems reported that its monitoring showed performance problems for the web sites of AOL, CBS, CNN, MSNBC and Yahoo. Source: http://news.bbc.co.uk/2/hi/technology/8120324.stm


29. June 25, AccessNorthGa.com – (Georgia) Phone, computer lines down at several Gainesville City buildings. Employees encountered a little bit of technology trouble at several Gainesville City buildings following a traffic accident in the area of College Avenue on June 25. “Apparently during the accident one of the vehicles actually hit a pole and pulled the fiber that connects computers and phones in the city down,” said a spokesman for the City of Gainesville. The spokesman said the incident happened around 3 p.m. She said the Public Utilities building, the Georgia Mountains Center, Frances Meadows Aquatic and Community Center and the Community Service Center are all without phone and computer services until further notice. Source: http://www.accessnorthga.com/detail.php?n=221389