Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, June 18, 2008

Daily Report

• According to Reuters, the U.S. Nuclear Regulatory Commission said it will increase oversight at the Nebraska Public Power District’s Cooper nuclear power station due to the misconfiguration of two of the plant’s emergency operating procedures. (See item 8)

• The Des Moines Register reports that the flooding in Iowa caused a major environmental disaster. There have been reports of raw sewage flowing into rivers, small chemical tanks popping off their foundations, and gasoline and farm chemicals floating downstream. (See item 22)

Banking and Finance Sector

11. June 17, Buffalo News – (National, International) M&T sues German bank. M&T Bank Corp. sued German banking giant Deutsche Bank AG Monday evening, accusing the global investment banking powerhouse of knowingly selling M&T unsafe mortgage investments. M&T is seeking to recover $182 million in losses and punitive damages. The fraud lawsuit concerns two investment securities M&T purchased from Deutsche Bank in February 2007. At the time, M&T had hoped to earn higher returns than it could on U.S. Treasury bills and high-grade commercial debt issued by a company like General Electric Co. The action by M&T represents the latest effort by an investor that purchased mortgage- backed securities and related bonds to go after the lender or brokerage that sold the investments in the first place. Several such investor lawsuits have been filed by unions, pension funds, hospitals and municipalities such as Springfield, Massachusetts, alleging they were sold inappropriate investments. Source:

12. June 16, Associated Press – (Indiana) Credit unions investigate weekend withdrawals overseas. More than 100 credit union members in South Bend, Indiana, had money fraudulently taken from their accounts from ATMs over the weekend in places such as Russia, Ukraine, and Nigeria, officials said Monday. The senior vice president for sales and marketing said the withdrawals were not the result of an internal breach. Meanwhile, about 10 Notre Dame Federal Credit Union members reported similar withdrawals since Saturday, said the vice president of marketing and business development. He said there has been “some sort of data breach and fraudulent withdrawals” in Ukraine, Russia and Spain. Source:,0,4053122.story

Information Technology

33. June 17, IDG News Service – (National) Former ‘spam king’ must pay MySpace $6 million. A Colorado man has been ordered to pay $6 million in damages and legal fees for spamming thousands of users. The man, who was once accused of sending more than 100 million spam messages per day, was sued by MySpace in January 2007 in connection with an August 2006 campaign in which MySpace members were hit with unsolicited messages promoting a Web site called The messages were sent from phished MySpace accounts, according to the findings of the court-appointed arbitrator in the case. The messages were sent to a MySpace community that was ill-equipped to deal with any security problems. Source:

34. June 16, Computerworld – (International) Researchers urge ransomware victims to try file-recovery app. On Monday, Moscow-based Kaspersky Lab, the security company that two weeks ago said it would lead a group effort to crack an encryption key used in a “ransomware” scam offered victims more-practical advice as it published instructions on how to recover data thought lost to the extortionists. Kaspersky added the instructions, which rely on an open-source file-recovery utility, to its writeup of Gpcode.ak, the Trojan horse that it first warned users about on June 8. At the time, Kaspersky said that Gpcode.ak encrypted 143 different file types on compromised Windows PCs and deleted the original unencrypted files before displaying a message telling users that they could ransom the data by purchasing a decrypting tool. A week ago, a Bulgarian security researcher reported that the hackers were demanding $100 to $200 for the unlocking program. Monday, Kaspersky said users might be able to recover the Gpcode.ak-deleted files without paying the ransom. “It is possible to restore a deleted file as long as the data on disk has not been significantly modified,” noted a Kaspersky researcher on the company’s blog. He recommended that users download PhotoRec, an open-source file-recovery utility that runs on Windows and other operating systems. Kaspersky Lab’s analysis of Gpcode.ak has been expanded to include step-by-step instructions on how to recover files the Trojan horse deleted but that actually remain on the drive. The company also crafted a second utility, dubbed “StopGpcode,” that finishes the work PhotoRec starts by restoring the filenames and folder organization of recovered files. Source:

Communications Sector

35. June 17, Express-Times – (Pennsylvania; New Jersey) Web woes caused by blaze, RCN says. A fire in a fiber optic line somewhere between the Lehigh Valley and Philadelphia caused a disruption in Internet service Sunday for RCN customers, according to a company executive. An announcement Sunday on the company’s automated phone system said a region-wide system failure was caused by a “fiber cut.” Some television customers were affected as well, the company said in an updated telephone message about 9:45 p.m. Sunday. The general manager of RCN-Pennsylvania said Monday he would not have specifics available until Tuesday, but the problem involved an electrical situation that required repairs first by an electric utility. RCN provides cable, Internet, and telephone service in the Lehigh Valley and parts of New Jersey. Source:

36. June 16, IDG News Service – (National) Microsoft, Nortel offer hosted unified communications. Microsoft and Nortel on Monday introduced a fully hosted unified-communications and collaboration service for carriers, the first entirely hosted carrier-grade offering to come out of an alliance struck between the companies two years ago. At the NXTcomm08 conference in Las Vegas, Microsoft and Nortel unveiled a suite based on Nortel Communications Server 2000, an IP multimedia softswitch, and the Microsoft Solution for Hosted Messaging and Collaboration Version 4.5 (HMC 4.5), a combination of hosted versions of both Microsoft Office Communications Server 2007 and Microsoft Exchange Server 2007. Carriers can use the software to offer hosted unified communications for their customers, which opens up the service to a broader customer base. Unified communications is the term for an integrated, IP-based software or hosted package that gives companies telephony, corporate instant-messaging, e-mail, video-conferencing, and other tools for allowing business workers to collaborate from one user interface. In March, Nortel and Microsoft teamed up to offer a hybrid of hosted and on-premises unified-communications software and services for carriers based on a previous version of HMC. However, customers still had to install some of the infrastructure on site, which is cost-prohibitive for some companies. A fully hosted offering extends the service to small and medium-size businesses that cannot afford to deploy complex infrastructure on site, the companies said. Source:

Tuesday, June 17, 2008

Daily Report

• According to the Associated Press, investigations of security practices at Cook Nuclear Plant have led to the suspensions of six people who work at the facility due to inattention and inappropriate use of security cameras. The Herald-Palladium reports that those suspended include three American Electric Power Co. workers and three Wackenhut employees. (See item 9)

• The Indianapolis Star reports that the state of Indiana had repeatedly warned the owners of four dams damaged by this month’s storms that the structures were deficient, but the owners never made the necessary repairs. When no repairs were made, none of the listed owners met with penalties from the Indiana Department of Natural Resources. (See item 47)

Banking and Finance Sector

14. June 15, Kalamazoo Gazette – (Michigan) Officials starting to look for foreclosure irregularities. Some city and Kalamazoo County, Michigan, officials, as well as local housing-industry representatives will begin reviewing recently foreclosed properties to look for irregularities, the Kalamazoo County treasurer said. The official said the group began meeting last month to find ways to help residents displaced by foreclosure. Now the group plans to expand its mission and look for patterns such as those uncovered by a Kalamazoo Gazette investigation of a suspect’s foreclosures that may point to mortgage fraud. The group will develop a protocol for staff to follow to report suspicious activity, such as a string of overpayments or foreclosures, he said. Nationally, reports of mortgage fraud increased six fold between 2002 and 2006, to more than 35,600, the FBI reported. Michigan last year ranked third among states for reports of mortgage fraud, according to the Mortgage Asset Research Institute. Source:

15. June 15, Star-Tribune – (Minnesota) Nothing left but bank’s bad name. A bank headquartered in Staples, Minnesota, looked far from home for new business. But deals flopped for investors, who stopped making payments to First Integrity. Federal regulators closed down the bank two weeks ago. The bank suffered millions in losses. Lawyers for First Integrity officers deny accusations of self-dealing, breach of contract, securities fraud and mismanagement of real estate investments. Source:

16. June 15, Associated Press – (National) U.S. authorities seek assistance from Switzerland in UBS tax case. The U.S. tax authorities have asked Switzerland to help in their investigation of UBS, a spokesman for the Swiss federal prosecutor’s office said Sunday. Switzerland is now examining whether it can assist in the request, said a spokesman. He declined to provide details about the request, which arrived Wednesday. A former UBS executive has been charged with conspiring to defraud the United States by helping wealthy clients hide assets and evade taxes. The case led the U.S. Justice Department to investigate whether the bank itself had helped U.S. clients evade taxes from 2000 to 2007. Swiss law prevents banks from divulging the names and details of their clients except in cases of tax fraud. Tax evasion is not considered sufficient grounds for legal assistance. The U.S. investigation has already affected the Swiss bank’s operations in the United States, where it manages about $704 billion for rich American clients. The Swiss media have reported that UBS was concerned its employees could face arrest if they travel to the United States. The bank has declined to comment on the reports. Source:

17. June 14, Associated Press – (New Hampshire) TD Banknorth warning of e-mail scam. TD Banknorth is warning customers about an e-mail scam that could infect computers. The e-mail messages say they are from TD Banknorth’s President and Chief Executive Officer. They ask for personal information. The bank says clicking on a link in the note probably infects a customer’s computer with a program that sends their information to the hacker. Source:

18. June 13, Chicago Tribune – (National) FBI stepping up efforts to combat mortgage fraud. The Federal Bureau of Investigation (FBI) has ordered more than two dozen of its field offices, including two in Illinois, to stop probing some financial crimes so agents can focus on mortgage fraud. The chief of the criminal investigative division issued the directive last week during a conference call with the heads of 26 offices in areas where mortgage crime is rampant, said an FBI spokesman in Washington. The shift comes after an analysis was conducted of how agents were spending their time. In recent years, the FBI has shifted resources away from financial crimes to concentrate on homeland security issues. The affected FBI offices are in Illinois, Florida, Georgia, California, Nevada, Arizona, Texas, New York, Ohio, Michigan, Indiana and Minnesota. Source:,0,7052957.story

Information Technology

39. June 15, ComputerWorld – (National) Microsoft snafu blocks enterprise patching. Microsoft Corp. confirmed late Friday that enterprise administrators using one of its patch-distribution tools have not been able to install last week’s security updates. The company offered a work-around and said it is working on a fix. Only corporate administrators using System Center Configuration Manager (ConfigMgr) 2007, which itself was just updated to Service Pack 1 (SP1), are affected, and only those systems running System Management Server (SMS) 2003 client software refuse to update. “The impact of this issue is that customers in this configuration cannot deploy the June 2008 security updates to their SMS 2003 clients.” Source:

40. June 15, TechWorld – (National) Insider threat exaggerated, study says. Verizon’s 2008 Data Breach Investigations Report, which looked at 500 breach incidents over the last four years, contradicts the growing orthodoxy that insiders, rather than external agents, represent the most serious threat to network security at most organizations. Seventy-three percent of the breaches involved outsiders, 18 percent resulted from the actions of insiders, with business partners blamed for 39 percent – the percentages exceed 100 percent due to the fact that some involve multiple breaches, with varying degrees of internal or external involvement. “The relative infrequency of data breaches attributed to insiders may be surprising to some. It is widely believed and commonly reported that insider incidents outnumber those caused by other sources,” the report states. Nevertheless, the report cautions from using the statistics to dismiss the internal threat altogether. When internal or partner security compromises happen, they tend to involve greater amounts of data. Where data loss was involved, external security breaches resulted in a media of 30,000 records being compromised, some way behind the figure for internal breaches, at 375,000. Source:

Communications Sector

41. June 16, WHAG 25 Hagerstown – (Pennsylvania) Cell phone tower dispute in Blue Ridge Summit. A proposed cell phone tower is at the center of a heated debate in Blue Ridge Summit, Pennsylvania. The ongoing public hearing will continue Monday. Washington Township supervisors delayed the hearings so they could consult with real estate and cell phone tower experts. Some residents are worried about the tower’s proposed location and the impact it could have on the history of Blue Ridge Summit Source: