Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, November 19, 2008

Complete DHS Daily Report for November 19, 2008

Daily Report

Headlines

 According to Reuters, Entergy Corp. reduced the Grand Gulf nuclear power station in Mississippi on November 17 due to a fire in a protected area, the company told the U.S. Nuclear Regulatory Commission in a report. (See item 4)

4. November 18, Reuters – (Mississippi) Entergy Miss. Grand Gulf reactor reduced due to fire. Entergy Corp. reduced the Grand Gulf nuclear power station in Mississippi on November 17 due to a fire in a protected area, the company told the U.S. Nuclear Regulatory Commission (NRC) in a report. A spokeswoman for the plant said teams were investigating the incident to determine the source of the oil and make any necessary repairs. She said the fire caused only minor damage and did not pose any

danger to public or workers. The fire was under one of the reactor feedwater pumps involving oil that had accumulated under the pump. Operators tripped the pump, which reduced the reactor from full power to 48 percent. They were able to increase the plant output to about 65 percent where it was holding early Tuesday, the spokeswoman noted. Because the fire lasted more than 15 minutes in a protected area, the company declared an unusual event to the NRC. Source: http://www.reuters.com/article/rbssIndustryMaterialsUtilitiesNews/idUSN18168920081118

 The Associated Press reports that the Homeland Security Secretary announced new rules for screening passengers and crew members on private aircraft bound for America. The goal is to keep terrorists from using a private plane to smuggle a dirty bomb or nuclear weapon into the United States and detonate the weapon over a major city. (See item 12)

12. November 17, Associated Press – (National) U.S.-bound private planes to face tighter security. Closing what he called the last major vulnerability for bringing a weapon of mass destruction into the United States, the Homeland Security Secretary announced new rules for screening passengers and crew members on private aircraft bound for America. Starting in about a month, at least one hour before takeoff, general aviation pilots will have to submit the names and other information about every person on board a flight to the United States. The goal is to keep terrorists from using a private plane to smuggle a dirty bomb or nuclear weapon into the United States and detonate the weapon over a major city. Requiring that information be sent one hour before takeoff gives officials more time to screen passengers and crew against intelligence databases that list suspected terrorists. Private aircraft have not undergone the intense screening given to U.S.-bound cargo and commercial flights, leaving general aviation flights vulnerable, the Secretary said at the Center for Strategic and International Studies. The rule takes effect 30 days after it is published in the Federal Register. Source: http://www.govexec.com/story_page.cfm?articleid=41436&dcn=todaysnews

Details

Banking and Finance Sector


8. November 17, CNNMoney.com – (National) Treasury: $33.6 billion to 21 banks. The Treasury Department said Monday that it has dispersed $33.56 billion to 21 banks in a second round of payments as part of the $700 billion bailout program designed to boost the nation’s banking system. The new distribution brings the total to $158.56 billion so far. The government previously distributed $125 billion to nine banks in the form of stock purchase programs. In this second round, Minneapolis, Minnesota-based U.S. Bancorp received the largest amount of $6.6 billion. Atlanta-based SunTrust Banks received $3.5 billion, as did Birmingham, Alabama-based Regions Financial Corp. Capital One Financial Corp. based in McLean, Virginia. received $3.56 billion. The smallest amount of $9 million went to Los Angeles-based Broadway Financial Corp. Source: http://money.cnn.com/2008/11/17/news/companies/tarp_banks/index.htm

Information Technology


25. November 18, Techworld – (International) Srizbi botnet flounders after McColo shutdown. Large numbers of infected computers have been searching in vain for the Srizbi botnet disrupted by the disconnection of ISP McColo a week ago, a security vendor has found. According to FireEye Security, the company has detected a total of 450,000 compromised IP addresses have been trying to connect to Sribzi-controlled command and control computers that would have been hosted by McColo until it disappeared. The company identifies Srizbi by monitoring computers that attempt to connect to IP addresses 75.127.68.122 or 64.22.92.154 from November 12 onwards, and recommends that administrators check firewall logs to trace http traffic opening ports to these locations. FireEye explains its traffic-analysis system in more detail on its website, and has also published a list of tools for cleaning up PCs affected by Srizbi. Source: http://www.techworld.com/security/news/index.cfm?newsid=107278&pagtype=all


26. November 17, Dark Reading – (International) Phishing attacks reach record highs. Phishing attacks have hit new records for volume and frequency during the past two months, a Cyveillance researcher said today. In the first quarter of 2008, Cyveillance typically saw a daily average number of phishing attacks in the low-400 range, the company said. In the past month, however, that average has increased to more than 1,750, with record peaks as high as 13,209 in a single day. During the first half of this year, the quantities and frequency of the attacks have steadily increased, averaging 400 to 500 per day, with spikes occasionally reaching nearly 1,000 per day, Cyveillance said. While the summer of 2008 brought an overall slowdown in attacks, there has been a significant increase in attack volumes and frequency of spikes since September. Cyveillance analysts and outside observers attribute the increased volumes to many influences, most notably the worldwide financial crisis and the relentless efforts by phishers to elude detection. The Anti-Phishing Working Group reported earlier this month that crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in the first quarter to 6,500 sites, nearly double the previous high of November 2007 — and an increase of 337 percent from the number detected end of Q1, 2007. Source: http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=ZFSKMMAYUZASAQSNDLPSKH0CJUNN2JVN?articleID=212100340


Communications Sector

Nothing to report