Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, October 13, 2009

Complete DHS Daily Report for October 13, 2009

Daily Report

Top Stories

 The Tampa Tribune reports that workers have found a crack in a concrete containment wall at the Crystal River, Florida nuclear power plant, but the half-inch-wide gap does not pose a danger, officials said on October 8. (See item 6)

6. October 8, Tampa Tribune – (Florida) Crack found in Crystal River nuclear plant. Workers have found a crack in a concrete containment wall at the Crystal River, Florida, nuclear power plant, but the half-inch-wide gap does not pose a danger, officials said October 8. The plant, which was shut down September 26 for refueling, maintenance and replacing of two steam generators, now has engineers and independent consultants studying the gap in the 42-inch thick concrete wall, which is lined with a steel plate. The power plant is operated by Progress Energy, which has a team analyzing the issue. The federal Nuclear Regulatory Commission is sending a special inspection team to learn what caused the crack and the extent of the gap. The agency’s chairman and regional administrator was on site October 9 as part of a previously scheduled visit to the plant. The plant already was shut down when the crack was discovered, meaning the crack is not currently endangering the public and there is no radiation that is being released. Source:

According to the Wichita Eagle, postal officials said on October 8 that 170 packages may have been contaminated by mercury that leaked from a package at the Wichita, Kansas Processing and Distribution Center. (See item 21)

21. October 9, Wichita Eagle – (Kansas) Package leaks mercury at Wichita post office. Wichita, Kansas, postal officials said Thursday that 170 packages may have been contaminated by mercury that leaked from a package at the Wichita Processing and Distribution Center. Postal officials said the area was secured, and hazmat crews were called in to clean up the mercury. The packages in question have been isolated, and the Postal Service is working with health officials and companies that work with hazardous materials to determine whether the packages can be decontaminated and delivered. Most of the packages were mailed from within a 50-mile radius of Wichita, postal officials said. Customers whose packages may have been contaminated have been notified by mail. The individual who mailed the mercury has been identified, and the Postal Service is investigating. Like virtually all hazardous material, mercury is not mailable. Source:


Banking and Finance Sector

10. October 9, Bloomberg – (National) TARP oversight group says Treasury mortgage plan not effective. The group Congress created to oversee the U.S.’s $700 billion financial bailout said the government needs to increase its efforts to help struggling homeowners modify their mortgages. A split Congressional Oversight Panel said in a report issued October 9 that it has doubts that the Treasury Department’s $50 billion loan-modification program will help prevent an estimated 3 million to 4 million foreclosures. The group’s two Republican members dissented from the Democratic appointees’ findings. “Rising unemployment, generally flat or even falling home prices and impending mortgage-rate resets threaten to cast millions more out of their homes,” the report said. “The panel urges Treasury to reconsider the scope, scalability and permanence of the programs designed to minimize the economic impact of foreclosures and consider whether new programs or program enhancements could be adopted.” The five-member group was set up to oversee the Troubled Asset Relief Program. It issues monthly reports critiquing the Treasury’s rescue policies. Source:

11. October 9, Albuquerque Express – (Illinois) Alleged Ponzi scheme nets hedge fund manager. A Chicago hedge fund manager has pleaded guilty to federal charges in what was described by prosecutors as a multibillion-dollar Ponzi scheme. The defendant pleaded guilty to one count of mail fraud over a scheme allegedly masterminded and orchestrated by a businessman. The defendant is in federal custody after acknowledging that he helped engineer financial transactions to create the appearance that the alleged Ponzi scheme was above board. He faces up to 20 years in prison and a $250,000 fine. He will be sentenced at a later date. He joins an account executive from his firm and four close associates of the businessman who have pleaded guilty to various criminal charges relating directly to the alleged $3.5 billion scheme. Source:

12. October 8, Business Week – (International) Online banking fraud soars in Britain. Despite an overall decline in British credit card fraud, criminals are getting more sophisticated at targeting online bank accounts. Online banking fraud jumped by 55 percent during the first six months of this year as criminals become even more sophisticated in their use of technology. Losses from online banking fraud hit £39m in the first half of the year, despite a decrease in the overall amount of credit card fraud in the UK. Banking industry body Financial Fraud Action UK warned that online fraud is becoming increasingly sophisticated, with fraudsters targeting customers using malware and phishing scams. The number of phishing incidents rose by 26 per cent to 26,000 during the same six-month period from January to June, according to the group. But it also said online security measures, which require the cardholder to enter a password when making purchases over the web, have contributed to an 18 per cent reduction in the amount of phone, internet and mail order fraud. The online fraud statistics go against the overall trend, which has seen a decrease in credit card fraud of 23 per cent from the same period last year. Card fraud losses totalled £232.8m in the first half of 2009, translating to around a tenth of a penny being lost to fraud for every £1 spent on cards. The introduction of chip and PIN in UK stores has played an important role in this reduction, with over-the-counter losses down by 26 per cent year-on-year. Source:

13. October 8, Tacoma Daily Index – (Washington) Tacoma police investigate downtown bank robbery, suspicious package. A Tacoma police spokesman said on October 8 a man was arrested after walking into a Bank of America branch downtown, claiming to have a bomb, and demanding money. A suspicious package was later found in the bank’s parking lot, located at 101 S. 9th St. The man was arrested and Tacoma Bomb Squad was investigating on October 8. Several streets near Court A and South 9th Street have been blocked. Source:

14. October 8, New York Times – (International) Man pleads guilty in plot to bomb sites in Toronto. A man unexpectedly pleaded guilty on October 8 to leading a plot to blow up at least three prominent sites, including the Toronto Stock Exchange, in a bid to create chaos to force Canada to withdraw its troops from Afghanistan. The defendant who was 20 and working at a gas station at the time of his arrest in 2006, is the fifth member of a group known as the Toronto 18 to be convicted or plead guilty in the case. But prosecutors said the others were peripheral players who did not have full knowledge of the defendant’s plan to damage the stock exchange, the Toronto office of Canada’s intelligence service and a military base. As the authorities watched and listened in, the defendant organized training camps that featured extremist Islamic teachings and somewhat inept military-style exercises. Among other things, members of the group considered raiding Canada’s Parliament buildings and beheading the Canadian Prime Minister, as well as conducting raids on nuclear power stations. Six defendants still await trial. Charges have been suspended or dropped against seven other people. Source:

15. October 7, KNXV 15 Phoenix – (Arizona) PD: Package left at credit union designed to look like bomb. Officials said the suspicious device dropped off during an armed robbery at an East Valley credit union was in fact a small black battery designed to look like a bomb. A Gilbert police spokesperson said the scene has been cleared and no injuries were reported. The Gilbert credit union was evacuated on October 7 and the Mesa Bomb Squad was called in to investigate the device, said the spokesman. According to the spokesman, a man robbed the Tempe School Credit Union near Gilbert and Guadalupe roads just before 2 p.m. The suspect then left a package behind, and fled the scene. Source:

Information Technology

35. October 9, PC World – (International) Google, Microsoft court Twitter as service suffers outage. Micro-blogging service Twitter suffered an outage on October 8, just as it reportedly was negotiating a licensing deal with either Google or Microsoft. The up-and-down day for Twitter mirrors the service’s bigger struggles as it grapples with technical issues, a business model, and its blockbuster success. For much of October 8, users could post tweets to their own streams, but updates from their followers were scarce at best. After admitting to a totally unspecified “unplanned site outage” late October 7, Twitter waited until almost 2 p.m. October 8 to elaborate on the problem. It explained in vague terms that “timelines remain stale for users.” It was not until sites such as TechCrunch started speculating that Twitter had fallen victim to a DDOS attack that Twitter posted an official statement explaining: “The problems this morning were caused by a bug triggered by an edge case in one of the core services that powers Twitter.” At precisely 3:54 pm on October 8, Twitter was reporting that “Most users are seeing freshly updated timelines. However, due to the previous problems, users of our SMS service may experience some missing tweets.” As of about 10 pm on October 8, Twitter had not updated its status any further. Source:

36. October 9, ITProPortal – (International) Microsoft planning massive security update for Patch Tuesday. The upcoming Patch Tuesday is set to become a big one for Microsoft, as the software giant is going to address as many as 34 vulnerabilities through 13 security updates. Of the 13 security patches, eight are to be tagged as ‘critical’, with a majority of them that would plug security holes in Windows and Internet Explorer (IE) that could let hackers remotely execute codes on a victim’s computer and subsequently seize control over system resources. Along with these, the patches would further address snags in SQL Server, MS Office, Microsoft Forefront, Microsoft Developer Tools, and Silverlight. Incidentally, a couple of the patches incorporated in the October update address flaws already made public with the exploit code available. One of the critical patches would address a flaw in the Microsoft SMB version 2.0 implementation, impacting Windows XP, 2000, Server 2003 and 2008, as well as newer iterations of Windows, including Windows 7 and Windows Vista. If exploited, the vulnerability could enable fraudsters to gain access to Windows Vista and Server 2008 and steal data from it. Microsoft has already issued a workaround to the vulnerability last month, directing users to cut support for SMB version 2 protocol, by providing a link to Microsoft’s “Fix It” package to disable the protocol. Source:

37. October 8, The Register – (International) Critical Adobe Reader vuln under ‘targeted’ attack. Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user’s computer, the software maker warned. Adobe said it planned to patch the critical security bug in Reader and Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the company’s previously scheduled patch release for the PDF reader. According to Security Focus here, attackers can exploit the vulnerability by tricking a user into opening a booby-trapped PDF file. “Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application,” the security site warned. “Failed attempts will likely result in denial-of-service conditions.” The bug is presently being exploited in “limited targeted attacks,” Security Focus added, without elaborating. Adobe said only that the attacks target Reader and Adobe running on Windows operating systems. Those using Windows Vista with a feature known as data execution prevention enabled are safe from the exploit. Users on other platforms can insulate themselves from the current attack by disabling javascript from running inside the application, but Adobe warned it’s possible to design an exploit that works around that measure. Source:

For another story, see item 39 below

Communications Sector

38. October 9, San Jose Mercury News – (International) FCC approves new trans-Pacific fiber-optic cable. The U.S. Federal Communications Commission has given the green light for a trans-Pacific fiber-optic cable funded by an international consortium that includes Google. The new cable, expected to be carrying data traffic by early 2010, links the U.S. West Coast and Asia to meet the demand for more bandwidth to handle explosive global Internet communications. The commission’s go-head this week means the soon-to-be completed cable can now come ashore in Redondo Beach. The Department of Homeland Security signed off on the plans September 23. The 6,200-mile cable, costing about $300 million, is being funded by six companies that, in addition to Google, include telecommunications companies Bharti Airtel in India, SingTel of Singapore and Pacnet, a Hong Kong-based deep-sea fiber-optic cable network operator. The new cable will tap into two-thirds of all networks in Asia. “It will provide seamless connectivity to all the major markets in Asia,” the chief executive of Pacnet said. “From an Internet user’s perspective, it will either be the fastest, or one of the fastest, routings between Silicon Valley and Asia. It will be lightning fast.” Testing of the line begins next month and it will be in use by the first quarter of 2010. Source:

39. October 9, The Register – (International) Botnet caught red handed stealing from Google. A recently discovered botnet has been caught siphoning ad revenue away from Google, Yahoo! and Bing and funneling it to smaller networks. According to researchers at Click Forensics, computers that are part of the so-called Bahama Botnet are infected with malware that sends them to counterfeit search pages instead of the real thing. They look authentic, and with the help of DNS poisoning routines, they even display or in the address bar. But the search results returned by these bogus sites have been ginned in some significant ways. While links contained in the organic results ultimately lead to a real site, browsers are first redirected to a series of ad networks that receive a small referral fee. Sponsored links, which typically pay the real search engine each time they are clicked, have also been jury rigged so a smaller ad network gets paid instead. “The idea is to make money through click fraud,” said a risk analyst at Click Forensics that provides auditing services to advertisers. “When those people actually do searches, that’s when these guys can display these ads hidden in the organic search results.” The Bahama Botnet, so named because it initially used compromised servers from that country, has already been implicated in the rogue anti-virus ads that recently found their way onto the website of The New York Times. It has also been known for its mastery of search engine optimization techniques that send people to malicious websites when they search for current events topics. Source: