Wednesday, September 26, 2007

Daily Report

The Associated Press reports that Exelon Corp. will end its contract with Wackenhut Corp., which had provided security at the Peach Bottom nuclear power plant in south-central Pennsylvania. Wackenhut security officers were caught on videotape sleeping while on duty in the “ready room,” which is just steps away from the nuclear reactors. (See item 8)

CNN reports that an FBI investigation has revealed that Homeland Security computers were hacked into and that “significant amounts of information” was sent to Chinese language websites. Lawmakers said dozens of DHS computers were compromised and the incidents “were not noticed until months after the initial attacks.” (See item 30)

Information Technology

30. September 25, CNN – (National) Investigators: Homeland Security computers hacked. Hackers compromised dozens of Department of Homeland Security computers, moving sensitive information to Chinese-language Web sites, congressional investigators said Monday. Investigators blamed Unisys, a government contractor, saying the firm hired to protect DHS computers tried to hide the incidents from the department. The FBI is investigating the incidents, a congressional staffer said, and two members of Congress have asked the department’s inspector general to also launch an investigation. “The results of our [committee] investigation suggest that the department is the victim not only of cyber attacks initiated by foreign entities, but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks,” said two congressional representatives in a written statement. The lawmakers said committee investigators found dozens of DHS computers were compromised and the incidents “were not noticed until months after the initial attacks.” The extent of the damage is unclear, but a House Homeland Security Committee staff member said the hackers “took significant amounts of information.”


31. September 25, CNet News (National) Trojan attack targets top executives. Security company MessageLabs reported that 1,100 e-mails containing malware-infected RTF (rich text file) attachments were recorded over a 16-hour period this month. Four separate waves appeared between September 13 and 14, the company said. “All (the e-mails) were going after (top-level) management. The e-mails included the company name in the subject field, purporting to be a recruitment company. The top-level nature of the targets clearly indicates that the attackers are after information,” the MessageLabs representative said, “but the greater concern is the social-engineering technique used to spread the Trojan-harboring e-mail. The way that this works has the potential to be so effective. You are getting that top-down approach – if they forward that e-mail on internally, that e-mail is coming from a trusted source,” he said. Another security expert recently said that the perfect attack would be a zero-day attack using a rootkit-cloaked Trojan sent to an H.R. manager who, due to company policy, would be compelled to open the document. H added that there is little that organizations can do to protect against these threat types besides educating users of the risks, because banning the receipt of common file types is impractical.

Communications Sector

32. September 25, New York Daily News – (New York) Reverse-911 a good call. New York City is considering a reverse-911 system that would allow officials to alert the public to emergencies and transmit needed information via telephone. The City’s Deputy Mayor reported to the City Council last week that a pilot reverse-911 program could be “ready to go” early next year, adding that the city needs “a redundant system that will cover all bases,” including an e-mail emergency notification and a text-messaging program along with the telephone system. He said a pilot e-mail system would be up and running at the end of next month and a text-messaging pilot by the end of the year.

33. September 25, News Week – (New York) The latest contraband. In recent years contraband cell phones have become a hot commodity in prisons across the country, and they are posing a serious threat to security, authorities say, especially as phones get smaller and offer technologically advanced features. In Florida, which has the country’s third-largest prison system, 109 cell phones have been confiscated over the past year, a 25-30 percent increase from the previous year, and the number is expected to keep growing, according to Florida’s assistant secretary for institutions. Seven cell phones were recently confiscated in a major drug bust in the Sunshine State’s prison system; investigators believe inmates communicated on cell phones to smuggle crack cocaine and marijuana into one of Florida’s higher-security units through prisoner squads working on roads. Contraband phones were found in the prison, at the work camp and in transport vehicles running to and from work sites. Elsewhere, construction materials, sneaky visitors and corrupt prison guards have proved to be reliable means of entry; in New York smugglers have even hidden phone parts inside old typewriters to evade X-ray scrutiny. Prison officials are warning states that the security risk will continue to grow as cell phones shrink in size and advance technologically. Tiny phones equipped with cameras, Internet access and GPS navigation can help orchestrate prison-break plots, drug trafficking, gang violence and harassment of former victims.