Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, June 25, 2008

Daily Report

• According to the Associated Press, officials say five out of 167 sirens failed in a test of the warning system at the Indian Point nuclear power plant in New York City’s heavily populated northern suburbs. The U.S. Nuclear Regulatory Commission has fined Entergy for missing deadlines to install the new siren system. (See item 7)

• The Associated Press reports that national parks across the country face obstacles to protecting their natural and cultural resources because of underfunding and under-staffing, according to new report by the National Parks Conservation Association. (See item 42)

Banking and Finance Sector

11. June 24, Market Watch – (National) SEC wants to curb influence of credit ratings: report. The Securities and Exchange Commission (SEC) plans to propose rules that could reduce the significance of credit ratings in several markets, including the huge money-market business, the Wall Street Journal reported Tuesday. The rules, which will be proposed this week, would be the latest setback during the credit crunch for ratings agencies such as Moody’s, McGraw-Hill Cos. unit Standard & Poor’s, and Fimalac’s Fitch, the newspaper reported. One key rule change the SEC is seeking would allow U.S. money-market funds to invest in short-term debt without regard to ratings put on the securities by the ratings agencies. It would also give managers more discretion to decide whether debt is investment grade, according to the report. Source:

12. June 23, WTVT 13 Tampa Bay – (Florida) Data breach at Bay Area bank. Customers of one Bay Area bank should check their bank statements and apply for a new debit card after a data breach last week. Bank Atlantic confirms they had a data loss, involving their MasterCard debit cards. A spokesperson says it happened through a local merchant, but at this time, is not saying which one. The Florida Attorney General’s office is investigating. There is no word on how many customers are involved. Source:


13. June 23, CnetNews – (National) Information Card Foundation launched. A group including Equifax, Google, Microsoft, Novell, Oracle, and PayPal, plus nine leaders in the technology community announced on Monday the creation of the Information Card Foundation (ICF) with the goal of increasing awareness of the use of electronic ID cards on the Internet, and encouraging interoperability in business around new standards. Information cards are online equivalents of physical ID cards, such as a driver’s license. The basic idea is that customers would have an electronic wallet with various information cards. This would allow customers to bypass typing in user names and passwords. One example for how it could work is a student accessing a university network would simply present his or her electronic student information card. What ICF hopes to introduce instead is a tripartite system. In real time, a user would sync via encrypted connection with an ID provider (say a bank or credit card issuer), and also with a reliant party (a university network, a financial site, or an e-commerce site). Unlike having a credit card number, which anyone on the Internet can use anytime, the ID card model proposed by the ICF requires that all three players (user, provider, and reliant party) be synced in real time before the transaction could proceed. The addition of a trusted third party in real time should make the new proposal more secure. Source:

Information Technology

36. June 24, TMCnet – (International) Finjan discovers stolen data on crimeware servers in Argentina and Malaysia. Unveiling medical, business and airline data stolen and traded by cybercriminals using targeted campaigns, Finjan Inc., has announced its discovery of a server controlled by hackers (Crimeserver) containing more than 500Mb of premium data. This data is part of the premium offering that the cybercriminals operating the Crimeservers were selling to the highest bidder online. The Malicious Code Research Center (MCRC) from Finjan detected a Crimeserver operated by cybercriminals who used campaigns to steal data. These campaigns consisted of highly-sophisticated attacks, incorporating Crimeware toolkits, Trojans and Command and Control (C&C) servers to drive traffic from a specific region, with specific characteristics. The company states that if hackers could steal so much data in a single calendar month, companies should look to implement a comprehensive security system in place. Some implications of stolen medical and patient data include loss of health coverage for the victimized patient; illegal and/or bogus treatments; obtaining prescription drugs for the purpose of selling them; and inaccurate records of victimized patients, which could result in incorrect and potentially harmful treatments. Potential HIPAA violations or breach of general data protection legislation is also on the card for healthcare providers. Finjan states that the compromised data comes from all over the world and contained information from individuals, businesses, airlines and healthcare providers. The report contains examples of compromised data that Finjan found on the Crimeserver. It includes compromised business related data of a U.S. airline carrier; compromised medical related data of hospitals and publicly owned healthcare providers; and identity theft (stolen Social Security Numbers). Source:

37. June 23, ZDNet Blogs – (National) Stanford University data breach leaks sensitive information of approximately 62,000 employees. A data breach resulting from a stolen laptop has leaked sensitive information including Social Security Numbers of approximately 62,000 (as reported by Stanford University) former and current Stanford University employees. The Privacy Rights Clearinghouse, a site devoted to the collection of data breach information, reports this number as 72,000. Source:

Communications Sector

38. June 24, 3 Dimensional Security – (International) Camouflage series of cell phone jammers introduced by 3 Dimensional Security. 3 Dimensional Security announced that they will be releasing a new camouflage series of cell phone jammers which provide a tool for enhancing security. The new CJATA10 and CJATM30 are specifically designed to blend into the background. In North America, the sale of these products is limited to government, law enforcement and military organizations. Source:

39. June 24, IDG News Service – (International) Work begins on Google-backed ‘Unity’ undersea cable. NEC and Tyco began joint planning work Tuesday for the Unity undersea cable, a high-speed fiber optic link between the U.S. and Japan that is backed by Internet-giant Google and five telecom operators. The $300 million cable will initially contain five fiber pairs – dual optical fiber cables, one of which is used for service and the other for back-up – but will be expandable to eight pairs. Each pair is capable of carrying 960G bps (bits per second) of data giving the system a capacity of between 4.8T bps and 7.68T bps. The cable is scheduled to come into use in the first quarter of 2010 at which time the owners predict further expansion in other cables will mean Unity will account for about 20 percent of capacity available across the Pacific. In addition to Google, the other partners are India’s Bharti Airtel; Malaysia’s Global Transit; Japan’s KDDI; and Singapore’s Pacnet and SingTel. Source:

40. June 23, WPTZ 5 Plattsburg – (Vermont) Comcast expands fiber optic network. On Monday, Vermont state leaders called Comcast’s announcement that it would expand the state’s fiber optic network a “significant step” toward the state’s goal of universal access to both broadband and cellular phone coverage to every address across Vermont by the end of 2010. The chair of the newly-created Vermont Telecommunications Authority, which is tasked with the facilitation of a rapid expansion of Vermont’s communications network, said 85 percent of Vermonters now have access to at least one broadband company, but only 49 percent of the state enjoys cell phone coverage. With three of the seven towns on Comcast’s expansion list, Grand Isle County stands to benefit most from the expansion. Comcast declined to disclose the cost of the expansion. Source: