Department of Homeland Security Daily Open Source Infrastructure Report

Monday, February 8, 2010

Complete DHS Daily Report for February 8, 2010

Daily Report

Top Stories

 According to the Associated Press, the Vermont Department of Health says levels of radioactive tritium in groundwater samples taken at Vermont Yankee nuclear plant in Vernon have skyrocketed again — to 2.7 million picocuries per liter. The federal safety standard for consumption is 20,000 picocuries per liter. (See item 8)

8. February 5, Associated Press – (Vermont) Tritium levels skyrocket again at Vermont Yankee. The Vermont Department of Health says levels of radioactive tritium in groundwater samples taken at Vermont Yankee nuclear plant have skyrocketed again — to 2.7 million picocuries per liter. The nuclear plant, located in Vernon in Vermont’s southeastern corner, is now monitoring drinking water wells on site and the Connecticut River on a daily basis, although the radioactive isotope has not been found in either. Tritium has been linked to cancer when ingested in large amounts. The federal safety standard for consumption is 20,000 picocuries per liter. State health officials say underground piping could be leaking the substance, which was first discovered at Vermont Yankee on January 7. Source:

 CNN reports that hundreds of flights were canceled February 5 because of the winter storm moving into the mid-Atlantic region over the weekend, and state highway agencies urged motorists to avoid travel. (See item 13)

13. February 5, CNN – (Mid-Atlantic) Flights cancelled, highway crews mobilized in northeastern U.S. It is going to be a rough weekend for travelers in the mid-Atlantic. Hundreds of flights have been canceled because of the winter storm moving into the region, and heavy snow and white-out conditions predicted for some areas will make roads dangerous. Flight operations in the Washington area — at Reagan National and Dulles International airports — were wrapping up Friday afternoon, according to the Metropolitan Washington Airports Authority Web site. Many airlines canceled Friday evening flights earlier in the day, and most Saturday flights into the airports have been canceled, the site said. Friday morning, runways at both airports were pretreated to help prevent snow and ice buildup. Delta Air Lines had canceled more than 200 Delta and Delta Connection flights in the mid-Atlantic region by Friday morning. The airline will have no operations into Washington, Baltimore, Maryland, and Philadelphia, Pennsylvania, airports on Saturday. Nearly 400 United and United Express flights were canceled early Friday. State highway agencies are urging motorists to avoid travel. “It’s best to avoid unnecessary trips. Stay off the roads if at all possible for your safety, as well as ... it enables the crews to do a better job having unfettered access to the roads,” said a spokesman for the Department of Transportation in New Jersey, where crews have pretreated some roads with a brine solution, and nearly 2,000 vehicles are available to work on clearing roads. The Virginia Department of Transportation, which is still finishing cleanup efforts from earlier storms, is treating roads with de-icing chemicals and restocking sand and salt to prepare for the storm. Source:


Banking and Finance Sector

10. February 5, The Register – (International) Spooks scour gambling sites in terror finance probe. The security services are running 23 ongoing investigations into the exploitation of gambling websites to finance terrorism. The revelation shows the online gaming industry is still vulnerable, and a prime target for criminals and terrorists, even after being at the center of the conviction of the man described as the “godfather of cyber-terrorism for al-Qaida” and two of his associates back in 2007. The three men, convicted for inciting people to commit murder through their extremist websites, used Windows-based Trojans to steal information such as credit card numbers, and then laundered them using the gambling sites. Between them they received sentences totaling 38 years (extended from an original 24 by the Court of Appeal). The convictions were highly publicized, but what was revealed at the ‘Combatting Cybercrime in Betting and Gaming 2010 Conference’ in London last week was the scale of ongoing investigations into terrorism financing, and that one of those convicted had been accessing 17 gaming sites while in Belmarsh prison. It also came to light that on an unnamed credit card company’s database, all three men came up as clients, along with 17 others whose date of birth, nationality and first name matched the convicted three. Together they had 190 pre-paid credit cards still in circulation, with balances of 10,000 pounds on each card. Source:

11. February 4, WWJ 950 Detroit – (Michigan) State shuts down fake mortgage company. State officials have shut down a fake Detroit mortgage company that they say was trying to steal consumers’ money and identity. The Office of Financial and Insurance Regulation pulled the plug on the phony company’s website, called “Kenneth and Doyle Financial,” and ordered it to stop doing business. Officials say the company was encouraging customers to apply for loans by providing personal information including social security and financial account numbers. “OFIR will continue to make it our business to put these fake financial companies out of business,” said the commissioner of OFIR in a statement. “This was most likely an advance fee scam, where consumers are lured into paying upfront fees for services they never get in return.” Source:

12. February 4, KMBC 9 Kansas City – (Kansas) Phone scam targets some KC Bank customers. Officials at Security Bank of Kansas City said there is a telephone scam targeting its customers. An automated phone call asks the customer for their debit/ATM card number, expiration date and personal identification number. A news release said the call specifically states that it is Security Bank calling and that the customer’s card has been compromised and needs to be deactivated or that the customer needs to activate a new card. The bank said it has had several reports of non-customers inquiring why Security Bank of Kansas City is calling them. Source:

Information Technology

37. February 5, – (International) Top search results riddled with malware. Internet users are being lulled into a false sense of security by search results, and may click on links that are popular but infected with malware, according to a new report from Websense. The security firm said in its latest State of Internet Security report that malware writers upped their efforts to get noticed late last year and are manipulating search results to drive traffic in their direction. Almost 14 percent of searches for current “buzz words”, such as celebrities or current events, lead to malware sites or links, the report said. More worrying is the finding that 71 percent of pages found to be infected were legitimate sites that had been poisoned in some way. Websense reported growth of 225 percent in malicious web sites over the second half of last year. Web 2.0 sites also proved popular with malware writers. Websense said that 95 percent of comments on blogs were spam or led to malicious pages. Spam managed to swallow up all but 14 percent of email traffic. Source:

38. February 5, The Register – (International) ZeuS tracker shrinks takedowns from days to minutes. A site dedicated to tracking the infamous ZeuS botnet is celebrating its first birthday. In the twelve months since the ZeuS Tracker was born, on February 2, 2009, the site has tracked more than 2,800 malicious botnet command and control servers associated with ZeuS. The site has logged around 360MB of ZeuS config files and 330MB in binaries. Thanks to the work of the volunteers and security consultancies, such as Team Cymru, that have contributed to the project, a ZeuS control hub can sometimes be taken down in minutes. Local CERTs, registrars and ISPs subscribe to the list compiled by ZeuS tracker to identify and take down suspect domains. More recently, ZeuS Tracker data has been integrated into the suspect blocklist of commercial products, as explained in a post celebrating the anniversary of the ZeuS tracker on The ZeuS family of malware threats collectively make up the nastiest and most prolific banking Trojans doing the rounds. Fraudsters behind ZeuS variants are pushing the bounds of malware malfeasance. Source:

39. February 5, TechWorld – (International) iPhone apps could spy on you, says researcher. Apple’s claims about iPhone privacy and security are exaggerated, according to a software engineer and security expert who gave a presentation February 4 about the iPhone at the Black Hat Conference in DC. The expert’s presentation revealed how easy it is for malicious programmers to create apps that can actually make spying on the user incredibly easy. Apple’s sandboxing technology restricts iPhone applications’ access to operating system resources with a list of deny/allow rules at the kernel level, but these and other permissions are “way too loose” and “Apple should not claim that an application cannot access data from another application,” said the expert, who works as an iPhone programming trainer at a company called Sen:te. He noted a number of iPhone apps, including one called Aurora Feint and another called mogoRoad, that made it into Apple’s App Store before being de-listed for privacy violations involving the harvesting of iPhone users’ contacts, emails and phone numbers. Apple reviewers can be fooled, and the likelihood of this continuing to occur appears high, especially as the iPhone, now at about 34 million devices in the market, becomes an increasingly appealing target for hackers, he said. Source:

40. February 5, – (National) U.S. Cybersecurity Enhancement Act sails through House. The Cybersecurity Enhancement Act has been passed by the U.S. House of Representatives by a huge margin. The 422:5 vote was higher than expected, and should make it easier to pass through the Senate. The legislation calls for the National Science Foundation (NSF) to spend $396m over the next four years to fund cyber security research. The NSF will be awarded $94m to fund scholarships into security research, on the proviso that those who receive them work in the public sector for the same number of years as their studies. The National Institute of Standards and Technology, meanwhile, will develop a strategic plan for national security within a year, and build partnerships with the security industry. It will also set out technical security standards for the industry as a whole. Federal agencies spend $6bn annually on cyber security to protect a $72bn IT infrastructure, according to the Office of Management and Budget. The Federal government funds $356m in cyber security research each year. “Critical infrastructures ranging from electrical grids, to oil production facilities to telecoms and transportation networks are under constant attack from cyber criminals,” said the chief technical officer at McAfee. Source:

41. February 4, Computerworld – (International) Microsoft slates colossal Windows patch next week. Microsoft on February 4 said it will deliver a record-tying 13 security updates on February 9 to patch more than two dozen vulnerabilities in Windows and Office. The company will ship a total of 13 updates; five of them pegged “critical,” the highest threat ranking in its four-step scoring system. The 13 updates will tie the record from October 2009, when Microsoft issued the same number of bulletins, but fixed a total of 34 vulnerabilities. According to a senior manager with the Microsoft Security Response Center (MSRC), the updates will patch 26 flaws. Of the eight updates not marked critical, seven were ranked “important,” the next-lower rating, while one was pegged “moderate.” Eleven of the 13 will affect one or more editions of Windows; the remaining pair will affect Office XP and Office 2003 on Windows, and Office 2004 for Mac. Source:

Communications Sector

42. February 5, St. Petersburg Times – (Florida) Road work cuts Verizon service to 1,500 Pasco customers. About 1,500 Verizon customers lost service overnight after road construction crews severed a telecommunications cable. The cable was cut on February 4 as crews bored about nine feet below the road at State Road 54 and Wesley Brook Drive, just east of Interstate 75, a Verizon spokesman said. That cut off Verizon phone, television and Internet service to about 1,500 central Pasco customers, the spokesman said. Verizon crews have already restored service to some of those customers, and plan to have the cable fully repaired by about noon on February 5, he said. The cable cut also disrupted service to cell phone users on various networks, he said, but that service was restored “almost immediately.” Source:

43. February 4, WTAQ 1360 Green Bay – (Wisconsin) Some public TV viewers may have trouble tuning in. Some viewers of Wisconsin Public Television in northeastern Wisconsin may be having trouble tuning in. The service rents space on a tower from commercial station WBAY. Faults in the transmission line were discovered over the weekend, taking the stations off the air for a time. Both WPNE and WBAY are operating at 25 percent power. People who live on the fringes of the stations’ coverage area and get a signal over the air may not get reception. The director of Engineering for the Educational Communications Board says most cable and satellite providers are able to transmit the main channel 38, but several High Definition channels on some services are out. The director does not know when the problem on the tower will be rectified. Source: