Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, July 21, 2009

Top Stories

• According to Reuters, the U.S. Nuclear Regulatory Commission responded the week of July 13 to a scare at Babcock & Wilcox’s nuclear facility in Lynchburg, Virginia that turned out to be non-threatening. (See item 12)

12. July 17, Reuters – (Virginia) NRC responds to scare at B&W nuclear plant in Va. The NRC responded the week of July 13 to a scare at Babcock & Wilcox’s nuclear facility in Lynchburg, Virginia, that turned out to be non-threatening, a spokesman for the NRC said on July 17. B&W staff declared an alert — the lowest level of NRC emergency classifications for fuel facilities — after identifying a potential radiation issue in the uranium recovery area. A saw used to cut fuel components was found to have discharged oil into a container with an unknown amount of highly enriched uranium. The potential threat was due to the possibility of “bad geometry,” said a spokesman for the NRC. A chain reaction resulting in either a “burst” or sustained release of radiation can occur when highly enriched uranium comes together in sufficient quantity or in a container of “correct” shape, the NRC said in a release. The oil and metal shavings were not supposed to be together in the container. After B&W analyzed the material, it determined only a small amount of uranium was in the oil. The incident did not pose any harm to the workers or public. “Since the amount of uranium in the oil was unknown, it was important to take a conservative approach,” said an NRC Region II Administrator in a release. The NRC spokesman could not say what kind of metal B&W was cutting. Officials at B&W were not immediately available to comment. The Lynchburg Nuclear Operations Group facility is one of only two private U.S. facilities licensed to possess and process highly enriched uranium, according to the B&W web site. Source:

• The Associated Press reports that federal investigators are trying to find out why the operator of a San Francisco light-rail that crashed into a parked train and injured 48 passengers on July 18 had turned off the automatic controls moments before the collision. (See item 22)

22. July 20, Associated Press – (California) Rail operator’s actions questioned in Calif. crash. Federal investigators are trying to find out why the operator of a San Francisco light-rail that crashed into a parked train and injured dozens of passengers had turned off the automatic controls moments before the collision. Had he kept the autopilot on, the train would have slowed down before arriving at the West Portal Station and likely not careened into the other train while going 23 mph, a National Transportation Safety Board investigator said July 19. He added that the operator never engaged the emergency brake. The investigator said a mechanical inspection of the train that caused the accident has so far not uncovered any problems. The crash on July 18 injured 48 people, four seriously, in the latest in a series of commuter train wrecks in recent months in the U.S. None of the injuries were life-threatening. A chaotic scene unfolded after the westbound train struck the end of the other train at a boarding platform. The operator was pinned inside his damaged compartment, said a San Francisco fire lieutenant. Neither the investigator nor local transit officials would identify the driver, but said he started as a San Francisco bus driver in 1979 and switched to light rail in 2007. He was hospitalized after the crash and a drug test had been administered, which was standard procedure for crashes. Investigators will interview the operators to determine the cause and they would look at whether cell phone use played a factor in the crash, as is standard in all train accident investigations. It was the fourth major subway or commuter rail accident in the last 10 months. Source:


Banking and Finance Sector

17. July 20, Washington Post – (National) Bailout overseer says banks misused TARP funds. Many of the banks that got federal aid to support increased lending have instead used some of the money to make investments, repay debts or buy other banks, according to a new report from the special inspector general overseeing the government’s financial rescue program. The report, which will be published on July 20, surveyed 360 banks that got money through the end of January and found that 110 had invested at least some of it, that 52 had repaid debts and that 15 had used funds to buy other banks. Roughly 80 percent of respondents, or 300 banks, also said at least some of the money had supported new lending. The report by the special inspector general calls on the Treasury Department to require regular, more detailed information from banks about their use of federal aid provided under the Troubled Asset Relief Program. The Treasury has refused to collect such information. Doing so is “essential to meet Treasury’s stated goal of bringing transparency to the TARP program and informing the American people and their representatives in Congress about what is being done with their money,” the report said. In a written response, the Treasury again rejected that call. Officials have taken the view that the exact use of the federal aid cannot be tracked because money given to a bank is like water poured into an ocean. Source:

18. July 20, Wall Street Journal – (National) Commercial loans failing at rapid pace. U.S. banks have been charging off soured commercial mortgages at the fastest pace in nearly 20 years, according to an analysis by The Wall Street Journal. At that rate, losses on loans used to finance offices, shopping malls, hotels, apartments and other commercial property could reach about $30 billion by the end of 2009. The losses by regional banks on their commercial real-estate loans will be among the most watched details as thousands of banks report second-quarter results over the next two weeks. Many of the most troubled banks have heavy exposure to commercial real estate. So far, 57 banks have failed this year. The $30 billion estimate is based on financial reports filed by more than 8,000 banks for the first quarter. The trend continued as a handful of major banks reported second-quarter results, including Goldman Sachs Group Inc., J.P. Morgan Chase & Co. and Bank of America Corp. Regional banks tend to have higher exposure to commercial real estate than these big financial institutions. The commercial real-estate market, valued at about $6.7 trillion, represents 13 percent of the U.S.’s gross domestic product. But the recession and scarce credit are pushing more commercial developers and investors into default. Meanwhile, property values continue to decline, and banks are required to record a loss on any troubled real-estate loans where the appraised value falls below the amount owed. Delinquencies on commercial mortgages held by banks more than doubled to about 4.3 percent in the second quarter from a year earlier, Foresight Analytics estimates. A Congressional Representative from New York, who heads the House’s Joint Economic Committee, said she is working with Treasury Department officials on a plan to try to head off rising defaults on commercial mortgages before they cascade into a crisis. Source:

19. July 20, Bloomberg – (New York) CIT said to weigh $3 billion bondholder funding offer. CIT Group Inc., the 101-year-old commercial finance company seeking to ward off bankruptcy, may announce an agreement for $3 billion in financing from bondholders as soon as July 20, a person briefed on the board’s deliberations said. The funds would give the New York-based company a chance to restructure its debt outside of bankruptcy, said the person, who declined to be identified because the talks are confidential. The lender’s board accepted the deal on July 19, the New York Times reported. CIT needs time to strike deals with bondholders to reduce debt after the U.S. declined to give the firm a second bailout. CIT, which reported $3 billion of losses in the last eight quarters, received a $2.33 billion rescue in December after converting to a bank holding company to be eligible to sell bonds backed by the Federal Deposit Insurance Corp. “We still think it is a losing effort in the intermediate term although some bondholders may end up better than others with this structure,” said an analyst at CreditSights Inc. in New York. “The wholesale model is dead and creating a branch deposit system from scratch is too expensive for CIT and takes too long to build to help any time soon.” Barclays Capital is arranging the funding, said another person familiar with the negotiations. The financing will carry an initial rate of about 10.5 percent, the New York Times said. Creditors including Boston-based hedge fund Baupost Group LLC, CapRe, Centerbridge Partners LP, Oaktree Capital Management LLC, Pacific Investment Management Co. and Silverpoint Partners agreed to provide the money, the Financial Times reported. Source:

20. July 20, Los Angeles Times – (California) FDIC takes over Vineyard Bank and Temecula Valley Bank. Two failed Southern California banks will reopen on July 20 under new owners, after the Federal Deposit Insurance Corp. took control of them on July 17. Vineyard Bank of Corona, which has 16 branches, was sold to California Bank & Trust of San Diego, the FDIC said. Separately, Temecula Valley Bank of Temecula and its 11 branches were sold to First Citizens Bank and Trust of Raleigh, North Carolina. Both Vineyard and Temecula Valley have been careening toward collapse for the last year amid huge losses on loans related to real estate. Vineyard had assets of $1.9 billion as of March 31, the FDIC said. Temecula Valley’s assets were $1.5 billion as of May 31. All deposits of the two banks, except those brought in by brokers, will be transferred to the acquiring banks. As often occurs in small-bank failures, the FDIC will pay off the brokered deposits, which tend to be so-called hot money that was looking for above-average yields on savings certificates. The demise of Vineyard and Temecula Valley brings the total number of failed U.S. banks this year to 57, including eight in California. Source:

21. July 17, Wall Street Journal – (Georgia; South Dakota) Regulators shut Bankfirst and First Piedmont Bank. South Dakota banking regulators on July 17 closed Sioux Falls-based BankFirst, marking the 55th bank failure of 2009 and the second of July 17. The Federal Deposit Insurance Corp. was named receiver and said all deposits of the failed bank would be acquired by Alerus Financial N.A. of Grand Forks, North Dakota. BankFirst’s two branches are scheduled to reopen on July 20 as branches of Alerus Financial. The FDIC said BankFirst had total assets of $275 million and total deposits of $254 million as of April 30. Alerus Financial plans to purchase $72 million in assets from the failed bank. Separately, the FDIC has struck a deal with Beal Bank Nevada to purchase $177 million in loans from BankFirst. The FDIC expects BankFirst’s failure to cost its deposit insurance fund an estimated $91 million. Earlier on July 17, Georgia regulators closed First Piedmont Bank, brokering a deal for its deposits to be acquired by First American Bank and Trust Co. of Athens, Georgia. First Piedmont had total assets of $115 million and total deposits of $109 million as of July 6. Source:

Information Technology

39. July 20, Money Times – (International) Mozilla denies vulnerability as exploitable in new version of Firefox. A flaw discovered in the new version of Firefox is not exploitable, Mozilla said on July 19, responding to reports of another vulnerability in the browser. On July 17, Mozilla had announced the availability of Firefox 3.5.1 to fix a critical security vulnerability found in the browser’s new TraceMonkey JavaScript engine. But reports by security researchers at the Internet Storm Centre described a vulnerability in Firefox 3.5.1 that might lead to code injection. IBM Internet Security Services and the National Vulnerability Database have reported the vulnerability as critical. The vulnerability originates in the software’s Unicode text handling system and lets a remote attacker execute arbitrary code through Web sites. If a visitor loads an affected page, the browser crashes, resulting in a denial of service. There is no defense available at the moment other than deactivating JavaScript, which is not practical for many web users. Source:

40. July 17, The Register – (International) Clever attack exploits fully-patched Linux kernel. A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews. The exploit code was released on July 17 by an individual who works for grsecurity, a developer of applications that enhance the security of the open-source OS. While it targets Linux versions that have yet to be adopted by most vendors, the bug has captured the attention of security researchers, who say it exposes overlooked weaknesses. Linux developers “tried to protect against it and what this exploit shows is that even with all the protections turned to super max, it’s still possible for an attacker to figure out ways around this system,” said a senior security researcher at Immunity. “The interesting angle here is the actual thing that made it exploitable, the whole class of vulnerabilities, which is a very serious thing.” The vulnerability is located in several parts of Linux, including one that implements functions known as net/tun. Although the code correctly checks to make sure the tun variable does not point to NULL, the compiler removes the lines responsible for that inspection during optimization routines. The result: When the variable points to zero, the kernel tries to access forbidden pieces of memory, leading to a compromise of the box running the OS. Source:

41. July 17, Government Computer News – (National) Trust but verify: Security risks abound in the IT supply chain. With one in 10 information technology products on the market considered counterfeit, and software products developed across the globe at risk of subversion, it is hard to overstate the national security concerns regarding the use of IT products delivered through the global supply chain. The cyber security risks inherent in the Federal Government’s procurement of and reliance on IT hardware and software from various non-pedigreed sources have been well reported. This article — prepared collaboratively by members of the International Information Systems Security Certification Consortium’s Government Advisory Board Executive Writers Bureau — explores various cyber risks to the IT supply chain, which include theft of intellectual property, logic bombs and self-modifying code, deliberately hidden back doors and features for unauthorized remote access, as well as risks from fake or counterfeit products. Source:

42. July 17, The Register – (International) Memory-hogging bug offers universal browser crash exploit. Security researchers have published details of a security flaw that can crash multiple browsers across multiple platforms. There are many more flaws out there that are more serious, but the security shortcomings in JavaScript’s DOM (Document Object Model) are nonetheless noteworthy because the issue affects Firefox, Safari, Opera, Chrome and Internet Explorer to a lesser or greater extent. Even smartphones, such as the iPhone and Nokia N95, as well as the Sony PS3, might be forced to crash using the approach, obliging users to reset devices. The flaw works by tricking a browser into allocating huge chunks of memory, behavior likely to result in a crash. Using the DOM to create a selection menu on a web page with a very high value sets up the trick. H Security explains that the coding trickery results in a huge allocation of memory. This is not in itself a problem if the memory area is defined as read only, but problems arise in the many cases where browsers fail to stop overwrites, leading to two processes trying to get at the same portion of memory at the same time and therefore provoking browser crashes. In all cases, the flaw presents a browser crash risk rather than a malware injection risk. Crashing is most easily achieved on IE, with all versions of Microsoft’s browser affected. Versions of Ubuntu running Konqueror might be forced to reboot if exposed to attacks based on the bug because of a memory management failure. Source:

Communications Sector

43. July 19, – (Ohio) Cable, electric outages affect thousands of customers. Electric and cable outages on July 19 affected 25,550 American Electric Power and Time Warner Cable customers. A spokeswoman for American Electric Power said at 7:29 a.m. a transmission line went out of service after substation equipment was damaged by an animal. He said 8,000 AEP customers were affected, but power was restored by 11:30 a.m. A communications manager at Time Warner Cable said at 7:30 a.m. a commercial power outage at the Lima office set off a chain of events that caused an outage that affected 17,500 customers. Service was restored at 12:30 p.m. Source:

44. July 19, – (New York) Mistake cuts off Verizon customers in Lynbrook. The phone has gone dead for several hundred Verizon customers in the Lynbrook area after a contractor working for National Grid mistakenly sawed through three of the communication company’s underground telephone lines on July 15. The contractor, working at Ryder Avenue and Rolling Street in Malverne, dug into three large Verizon telephone cables, severing them and putting about 300 Verizon customers out of service, said a Verizon spokesman. He said he hoped service would be restored the week of July 20. A spokeswoman for National Grid said the Verizon lines were not marked on a diagram of underground cables the contractor used to determine where to dig. The agencies are working together to determine how the mishap happened, the spokeswoman said. Source: