Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, August 20, 2009


Daily Report

Top Stories

 The New London Day reports that a 21-year-old man with a history of mental illness was charged last month with tampering with fire hydrants in Colchester, Connecticut and illegal bomb-making. A friend of the accused called police on July 29 and said the accused had been talking about adding a chemical to a public water supply and was making explosives in his garage. (See item 19)

19. August 18, New London Day – (Connecticut) Police say bomb suspect wanted to tamper with water supply. A 21-year-old man with a history of mental illness and an obsession with fire and explosions had moved back into his parents’ home in Colchester, Connecticut for just three weeks before he was charged last month with tampering with town fire hydrants and illegal bomb-making. A friend of the accused called police July 29, the same day the town’s water department discovered that somebody had tampered with a fire hydrant on Lebanon Avenue, releasing 314,000 gallons of water. The friend told police the accused had been talking about adding a chemical to a public water supply and was making explosives in his garage. The next day, the state police bomb squad executed a search warrant on the detached garage at Walker’s parents’ home on Elm St. They seized a form of homemade napalm and bomb-making materials and arrested the man at the scene. He was arraigned Friday in Superior Court in Norwich on charges of attempted manufacture of illegal bombs, four counts of first-degree criminal mischief, third-degree larceny, first-degree reckless endangerment, two counts of second-degree breach of peace and sixth-degree larceny. He is being held on $100,000 in bonds at the Corrigan Correctional Institution. His case was transferred to the New London court where major crimes are heard and continued to August 31. He admitted to using a pipe wrench to open fire hydrants in the area, saying he had “heard about it being done and wanted to see how difficult it was,” according to an arrest warrant affidavit. He also admitted to buying materials to build pipe bombs and making and detonating two other types of bombs — one made with an empty CO2 cartridge and another with Drano, the drain clog cleaner. The water department found one of the hydrants had been pressurized, a condition that is potentially dangerous to somebody servicing the hydrant. Source:

 According to the Knoxville News Sentinel, an “operational emergency” was declared Tuesday at Oak Ridge National Laboratory in Tennessee after a spill of 50 to 100 gallons of a nitric acid solution at a waste-processing facility. As a precaution, thousands of lab employees were told to “shelter in place” while the situation was evaluated. (See item 23)

23. August 19, Knoxville News Sentinel – (Tennessee) No injuries in nitric acid spill at ORNL; recovery operations over next few days. An “operational emergency” was declared Tuesday at Oak Ridge National Laboratory after a spill of 50 to 100 gallons of a nitric acid solution at a waste-processing facility. As a precaution, thousands of lab employees were told to “shelter in place” for a couple of hours in the morning while the situation was evaluated. The emergency status was terminated by mid-afternoon. A U.S. Department of Energy spokesman said the spill occurred when a solution of 60-65 percent nitric acid was being off-loaded from a 4,000-gallon tanker truck into a holding tank at Building 3544. The nitric acid is used for processing of low-level nuclear waste at the building, which is managed by Bechtel Jacobs Co. The spokesman said four workers were evacuated from the building and moved to the lab’s cafeteria. No one was injured, and there was no release to the environment, he said. The nitric acid that overflowed from the tank was contained in the building’s sump, scrubber and filter pit, the spokesman said. DOE and its Oak Ridge contractors plan to complete the recovery operations “over the next few days” and return the building to normal operations, he said.



Banking and Finance Sector

8. August 19, Washington Post – (International) Swiss Bank UBS to divulge at least 4,450 account names. A deal finalized on August 20 between the United States and Switzerland paves the way for a potentially historic disclosure of Swiss bank secrets—the names of thousands of Americans suspected of using secret accounts to hide money from the IRS. Under the agreement, UBS, Switzerland’s largest bank, is expected to turn over the names of Americans who controlled 4,450 accounts that are currently open or have been closed. The secret accounts at one point held as much as $18 billion, the IRS said. “We will be receiving an unprecedented amount of information,” the IRS Commissioner told reporters on August 19. The settlement follows a long-running effort by the U.S. government to penetrate Swiss bank secrecy and catch tax evaders. The U.S. government had been seeking a federal court order demanding that Swiss banking giant UBS identify the holders of 52,000 accounts. The Swiss government vowed to prevent such a disclosure, leading to weeks of negotiations. Switzerland was fighting to preserve the reputation for privacy that has made its banking industry a global powerhouse and a pillar of the Swiss economy. The deal includes concessions that might make it easier for Switzerland to argue that its tradition of secrecy survived the battle. Source:

9. August 18, Dow Jones Newswires – (National) NY Fed, FDIC see threats posed by CIT. The Federal Reserve Bank of New York and the U.S. Federal Deposit Insurance Corp. at last appear to be getting to grips with CIT Group Inc. That they recognize the threats posed by the company should be a lesson to Wall Street firms. The N.Y. Fed last week ordered CIT to report daily cash positions and daily client funding, some weeks after the FDIC had issued a cease and desist order against CIT Bank prohibiting it from accepting brokered deposits and requiring it to submit a capital plan. In their second-quarter earnings calls, leaders of various investment banks unequivocally dismissed their risk exposures to CIT. Such confidence looked misplaced, for CIT has complex and opaque financial relationships. In some cases, CIT advances funds against the accounts receivable it buys from small businesses. In others, it provides trade credit, protecting clients against payment default by their customers. Small businesses are incented to use a factor such as CIT for trade credit with bank financing, owing to the interest expense savings. A sample of bank loans collateralized by cash flows factored by CIT suggests that such arrangements reduce the small businesses’ funding spreads to Libor by 30 percent relative to the cost of financing through CIT in connection with factoring. CIT appears unaware of systemic risk resulting from its position as the nexus between small businesses and the banking system. No one from the company was available for comment. Source:

For another story, see item 35, below in the Information Technology Sector

Information Technology Sector

32. August 19, The Register – (International) Old-school virus threatens Delphi files. Virus writers have gone old school with the creation of a virus that infects Delphi files as they are built. When a Delphi file infected with Induc-A virus is run, it searches for Delphi programming installations on an infected machine and attempts to infect this installation. More specifically, the malware attempts to infect SysConst.pas, which it then compiles to SysConst.dcu. Once this process is completed the SysConst.dcu file is programmed to add the Induc-A virus to every new Delphi file that gets compiled on the system. Even the vast majority of computer users that are not Delphi developers can be affected by running programs written in Delphi that happen to have been contaminated. Up until August 18 the labs at Sophos have received more than 3,000 infected files, submitted by users who have found infections. “This makes us believe that the malware has been active for some time, and that a number of software houses specialising in developing applications with Delphi must have been infected,” writes a senior technology consultant at Sophos. Examples of infections have included applications described as “a tool for downloading configuration files onto GSM modules” and “a compiler interface that operates between our third-party design software and our CNC woodworking machinery.” Source:

33. August 19, Information Management Online – (International) Ghosts in the machine: Attacks may come from inside computers. The next wave of hacking into computers and stealing data will not be requests or code coming from remote points across the Web, security experts are warning. Instead, the most sophisticated Trojan Horses appearing on Wall Street financial systems may be threaded into the silicon of integrated circuits by design, their malicious instructions baked right into the tiny physical aspects and intricate mapping of the chip itself, according to scientists and academics working with the National Institute of Standards and Technology, the White House and the Financial Services Information Sharing and Analysis Center in Dulles, Virginia. Detecting such malware after a chip is fabricated will be extremely difficult, if not impossible, these experts say, because the microchips that run servers have millions to billions of transistors in them. Adding a few hundred or even just tens of transistors to compromise an integrated circuit can serve attackers’ purposes and escape notice. “You can never really test every single combination on the chip. Testing a billion transistors would take a very long time. It would be very difficult to detect hardware Trojans without having some idea of what you’re looking for to begin with,” said an associate professor of electrical engineering at the University of Arkansas, co-author of a 2007 paper which described a “Hardware Threat Modeling Concept for Trustable Integrated Circuits.” Tweaking chips themselves will make them prone to manipulate data, shut down a critical function, or turn a system into a bugged phone that steals and relays vital information, the experts say. To combat the threat, the National Institute of Standards and Technology (NIST), the federal government’s technical standards laboratory, is releasing in September an inter-agency report meant to serve as the first set of best practices for government and industry to mitigate security risks to hardware included in the IT supply chain. Source:

34. August 18, The Register – (International) Adobe patches ‘critical’ flaws in ColdFusion, JRun. Adobe Systems has released updates that patch vulnerabilities in two widely used web development applications, several of which let attackers steal sensitive data or take complete control of users’ machines. In all, the patches fix seven flaws in versions 8.0.1 and earlier of ColdFusion and JRun 4.0. The most serious of them are XSS, or cross-site scripting, bugs that allow attackers to execute malicious code on an underlying system by supplying a target with a booby-trapped web link. Adobe engineers also fixed a separate management console flaw. It allowed unauthenticated users to traverse restricted directories, a vulnerability that could lead to information disclosure. Proof-of-concept code released August 18 showed the flaw could be exploited using a URL. Source:

35. August 18, – (International) SQL Injection continues to trouble firms, lead to breaches. SQL Injection, one of the most basic and common attacks against websites and their underlying databases, offers an easy entry point for cybercriminals, according to security experts. The hackers responsible for the largest data security breach in U.S. history allegedly used a SQL Injection attack. The coding error was cited as the starting point in the indictment handed down against a Miami man and two Russian hackers, enabling them to allegedly bilk Heartland Payment Systems Inc. and Hannaford Brothers Co. of more than 130 million credit and debit card numbers. But security experts say that while SQL Injection errors are relatively easy to find, as simple as finding a poorly coded input field in a Web form, they are often difficult and costly to fix. A vulnerability scan is likely to turn up thousands of errors that lend themselves to SQL Injection, said the chief technology officer of Cigital Inc., a software security and quality consulting firm. New defenses for automated SQL injection attacks: By automating SQL injection attacks, hackers have found a way to expedite the process of finding and exploiting vulnerable websites. “Sometimes there’s one problem that results in a thousand possible cross-site scripting issues and if you fix that problem they’ll all be fixed, but that’s not always the case,” the chief technology officer said. “There’s been a lot of bugs that built up behind the dam and now we’re seeing the dam starting to rumble.” Source:,289142,sid14_gci1365263,00.html

Communications Sector

36. August 17, – (National) United States spending billions to become a broadband nation. With the state’s help, an increasing number of residents in rural Washington County in Down East Maine are using high-speed Internet connections to run their blueberry farms and lobster fleets, educate their children and communicate with doctors from remote areas. But it is a large county and its 34,000 residents are spread out: At twice the size of Rhode Island, it takes four hours to cross in a car, and yet there is only one traffic light. That means it is slow going for local Internet provider, Axiom Technologies, which is working town by town to set up wireless access points, sometimes serving as few as 12 households per connection. Axiom maxed out financially some time ago to expand on its own, even as other towns asked to join the broadband network. The state stepped in and awarded Axiom grants of $750,000 over the last three years, said the company CEO. “With 38 additional towns, by the end of 2009, we will have created an umbrella over all 2,500 square miles” of the county, the CEO said. Maine gives out about $1 million about every 10 months to help its residents get high-speed Internet connections. In July, it approved nine projects costing the state almost $800,000 to get 5,000 families hooked up. States across the country have pursued similar efforts toward creating statewide broadband policies and better access for their residents. But their scale pales in comparison to the $7.2 billion in stimulus money the federal government has committed over the next two years to improve high-speed Internet connections around the country. Every state is supposed to get a share, and every governor will get a chance to weigh in on how the funds are spent. In this wash of new money, state officials are scurrying to identify the states’ greatest needs, coaching providers applying for stimulus money and developing overarching plans for how to roll out expanded service. Source: