Department of Homeland Security Daily Open Source Infrastructure Report

Monday, December 29, 2008

Daily Report


• The Cherry Hill Courier-Post reports that National Guardsmen and State Police will no longer patrol New Jersey’s three nuclear power plants. (See item 8)

8. December 27, Cherry Hill Courier-Post – (New Jersey) Private security to handle NJ’s nuke plant patrols. National Guardsmen and State Police will no longer patrol New Jersey’s three nuclear power plants. The state attorney general says that enhanced private security and a new video monitoring system at the plants will suffice. The video monitoring system used has thermal imaging capabilities and can provide views of the perimeter. It feeds images directly to the state’s Regional Operations and Intelligence Center. National Guardsmen have patrolled outside Oyster Creek in Forked River and the Salem and Hope Creek Nuclear Generating Stations in Salem County since October 2001. During the last seven years, Oyster Creek and Salem/Hope Creek have spent more than $82 million combined on capital security improvements. Source:

• According to the Knoxville News Sentinel, the Tennessee Department of Environment and Conservation said Friday that an ash spill at a TVA power plant in Kingston has contaminated area waters above regulatory limits for drinking water, though none has made its way into the city’s water treatment plant. (See item 31)

31. December 26, Knoxville News Sentinel – (Tennessee) Water near TVA power plant contaminated by huge ash spill. The Tennessee Department of Environment and Conservation (DEC) said Friday evening that an ash spill at a TVA power plant in Kingston, Tennessee, has contaminated area waters above regulatory limits for drinking water, though none has made its way into the city’s water treatment plant. “All samples received to date indicate that the water entering the Kingston Water Treatment Plant meets public health standards,” a department spokeswoman said in a statement. The spill at the Tennessee Valley Authority’s Kingston Fossil Plant on Monday dumped 5.4 million cubic yards of fly ash and water into the adjacent neighborhood and clogged the Emory River. The spokeswoman said TVA conducted the tests and informed DEC of the contamination. She also said DEC has agreed to the emergency installation of a submerged weir across the channel of the Emory River to slow the flow of water and capture the material. “We have no indication of acute or immediate risk based on contact with the material, as long as it is not eaten,” she said. “It is premature to speculate on long-term impacts of the material or potential exposure pathways.” She said a sampling plan is being prepared. Source:


Banking and Finance Sector

14. December 28, CNN – (National) Wachovia settlement checks real, Better Business Bureau says. The Better Business Bureau is assuring individuals who recently received a check from a federal court in Pennsylvania that the checks are legitimate and part of a settlement agreement with Wachovia Bank related to telemarketing fraud. The agency said it has been receiving calls from consumers concerned about the legitimacy of the $149 checks and confused why they are included in the settlement. The checks are part of a $150 million settlement Wachovia agreed to in U.S. District Court in Philadelphia, Pennsylvania, the bureau said in a press release. “These checks are legitimate and consumers who receive them can safely deposit the check in their banking account or cash the check at a Wachovia branch,” said the president of the Better Business Bureau of Southern Piedmont in Charlotte, North Carolina. Wachovia began mailing checks in varying amounts to about 742,000 consumers on December 11, according to the U.S. attorney’s office for the Eastern District of Pennsylvania. Regulators said the settlement agreement arose from banking arrangements that Wachovia had with telemarketers to process payments for product orders made over the telephone. Source:

15. December 27, Washington Post – (International) Accounting standards wilt under pressure. World leaders have vowed to help prevent future financial meltdowns by creating international accounting standards so all companies would play by the same rules, but the effort has instead been mired in loopholes and political pressures. In October, largely hidden from public view, the International Accounting Standards Board (IASB) changed the rules so European banks could make their balance sheets look better. The action let the banks rewrite history, picking and choosing among their problem investments to essentially claim that some had been on a different set of books before the financial crisis started. The results were dramatic. Deutsche Bank shifted $32 billion of troubled assets, turning a $970 million quarterly pretax loss into $120 million profit. And the securities markets were fooled, bidding Deutsche Bank’s shares up nearly 19 percent on October 30, the day it made the startling announcement that it had turned an unexpected profit. The change has had dramatic consequences within the cloistered world of accounting, shattering the credibility of the IASB — the very body whose rules have been adopted by 113 countries and is supposed to become the global standard-setter, including for the United States, within a few years. Source:

16. December 23, Associated Press – (National) Analysts alarmed by IndyMac backdating infusions. Upon learning that a federal regulator helped a troubled thrift look more financially stable than it was shortly before it collapsed, analysts said it is worrisome to think that more banks have been able to hide their problems. It was revealed Monday that a regulator in the Office of Thrift Supervision (OTS) in May approved a backdated infusion of $18 million for IndyMac Bancorp, a big thrift that failed in July, costing the federal insurance fund for banks nearly $9 billion. The Treasury Department’s inspector general also found that OTS had allowed other thrifts to record capital infusions in an earlier period than when they were received. Other banks skirting close to their minimum required capital levels may also have been allowed such leeway by regulators, misleading investors about their financial health, said a banking industry consultant. Source:

Information Technology

39. December 26, MX Logic – (International) New worm with evolved tricks. Security officials and blogs issued a warning about the Waledac worm making the holiday rounds through a spam email urging users to visit a website claiming it has a Christmas card addressed to them. The malicious link in the email, if clicked, infects machines with malware, and the first signs of it were spotted December 21, reports. Once in the machine, the worm searches for email addresses and then sends spam email copies of itself to others. Some elements of the Waledac worm shared similarities with the Storm Worm, such as using a redirection site and the ability to hide its IP address. The Storm has the tendency to spread near holidays such as New Year’s and Mother’s Day. However, the similarities end with the absence of “a peer-to-peer network to communicate and instead uses an open-source executable packer and cryptography to hide its tracks,” according to the article. While the potential for the Waledac worm to spread remains low because of its late-holiday release, SMBs are urged to block the download of ecard.exe to protect against the malicious spam email. Source:

40. December 24, IDG News Service – (International) Microsoft redirect aids boost fake anti-virus scam. A new player has entered the fake anti-virus market with a little bit of help from Microsoft and the U.S. Internal Revenue Service. Over the past four days, the scammers have used so-called redirector links on Web sites belonging to magazines, universities and, most remarkably, the and domains, said the director of research in computer forensics with the University of Alabama, who first reported the activity on his blog. Many Web sites use redirector links to take visitors away from the site, although the Web site operators try to stop them from being misused by scammers. For example, the Google URL uses Google’s “I’m feeling lucky” feature to send Web surfers to If criminals can use a redirector on a major Web site like Microsoft’s or IRS’s, however, they can make their malicious links pop up very high in Google search results, said the director. “Microsoft is a super-powerful site as far as search engine weight is concerned,” he said. The bad guys have tricked search engines into returning their malicious links to tens of thousands of search terms, he said. They have done this by using special software to add these redirector links to “tens of thousands of blog comments, guestbook entries, and imaginary blog stories all around the Internet,” the director said in his blog posting. A Google search for the term “Microsoft Office 2002 download” yields a redirection link as its first result. That link had been redirecting visitors to a malicious Web site, which launched Web-based attack code against victims and tried to trick them into downloading fake antivirus software, he said. However, Microsoft has now fixed the problem, so the link that pops up in the Google search results was no longer taking surfers to the malicious Web site. Source:

41. December 23, Computerworld – (International) Free anti-virus scanner hit by bug. Windows users are under threat from a bug in Trend Micro’s free online virus scanning service, warn security researchers. Attackers able to dupe users into visiting a malicious Web page could exploit a vulnerability in the custom ActiveX control that Trend Micro distributes to users of its free HouseCall service, said Danish bug tracker Secunia in an alert. HouseCall bills itself as a free scanning tool that checks “whether your computer has been infected by viruses, spyware, or other malware.” “The vulnerability is caused due to a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll),” said Secunia’s warning. “This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted ‘notifyOnLoadNative’ callback function.” Trend Micro has fixed the flaw in the ActiveX control and patched the public HouseCall servers, but it noted that the latter has not been extensively tested, and essentially waived responsibility if it turns out not to be sufficient. “This hot fix was developed as a workaround or solution to a customer-reported problem. As such, this hot fix has received limited testing and has not been certified as an official product update,” Trend Micro said in its own advisory. “Consequently, this hot fix is provided ‘as is.’ Trend Micro makes no warranty or promise about the operation or performance of this hot fix nor does it warrant that this hot fix is error free.” Users running Microsoft Corp.’s Internet Explorer — the only browser that requires the ActiveX control — should run Version 6.6 of the service, rather than the older HouseCall 6.5, said Secunia. Companies running HouseCall Server in-house should request the HouseCall 6.6 Hot Fix Build 1285 update through their normal support channels, Trend Micro advised. Secunia rated the vulnerability as “highly critical,” the second-highest ranking in its five-step scoring system. Source:

42. December 23, BBC News – (National) U.S. questions net overhaul plans. Plans to offer hundreds of new Web addresses as alternatives to .com have been criticized by the U.S. government. The Internet Corporation for Assigned Names and Numbers (ICANN) has floated plans for the radical change to the existing system. But the U.S. Commerce Department has questioned both the benefits and the costs of such a scheme. Officials have also raised concerns about whether the plans will destabilize the current system. In a letter sent two weeks ago, a Commerce Department official questioned ICANN’s proposed pricing for the new addresses. The net body planned to offer between 200 and 800 new addresses for sale at $185,000 per domain with a yearly cost of $60,000. But the official said ICANN needed to “articulate a clear rationale for the proposed fee structure.” She also called on the net body to supply evidence that the changes would “not compromise the stability or security of DNS (Domain Name System).” Source:

Communications Sector

43. December 23, OCRegister – (California; Hawaii) Time Warner’s O.C. phone outage felt in Hawaii. Intermittent telephone service among Time Warner Cable customers in Orange County, California, for the past week has been fixed, a spokesman said December 23. The outage was due to a router rebooting three times. The cause is still under investigation. Time Warner’s digital phone service operations are based in Orange County and serve San Diego, Hawaii, and the desert cities. The telephone outage in Hawaii spurred a report December 23 by, a mobile news site: “Oceanic Time Warner Cable doesn’t know how many of its 65,000 digital phone customers are affected and the severity of the problem, but it said intermittent phone service started about a week ago in California. Outages can run anywhere from one to 20 minutes at a time.” The spokesman disagreed that the outage affected 65,000 people. “The system has been stable since we found a problem,” he said. “There have been no reports of instability with that router.” Source: