Thursday, January 27, 2011

Complete DHS Daily Report for January 27, 2011


Top Stories

• The Wilkes-Barre Times Leader reports that a steam leak led to a shutdown of one of two nuclear reactors at the Susquehanna Steam Electric Station near Berwick, Pennsylvania, January 26. (See item 8)

8. January 26, Wilkes-Barre Times Leader – (Pennsylvania) Leak shuts down nuke reactor. The nuclear power plant near Berwick, Pennsylvania, will likely move up a notch on the Nuclear Regulatory Commission’s (NRC) watch list and be subject to increased scrutiny after a steam leak January 25 led to a shutdown of one of the plant’s two reactors. PPL’s chief nuclear officer stressed there were no injuries and that all safety equipment functioned as designed during the shutdown. Plant operators at PPL’s Susquehanna Steam Electric Station decided to shut down reactor Unit 1 at 6:10 a.m. after they discovered steam leakage in an area where water is preheated before being fed into the reactor, the NRC Public Affairs Officer for Region I said. Operators decided to scram the reactor — manually shut it down — after determining the leak could not be isolated and the portion of the system with the leak could not be removed from service without affecting other plant systems, the NRC official said. Source:

• New maps show that should the Lake Maloney dam in North Platte, Nebraska, rupture, flooding could be much more extensive than originally thought, according to the North Platte Telegraph. (See item 62)

62. January 26, North Platte Telegraph – (Nebraska) If dam breaks, flooding could be extensive. New maps show a bigger area than originally thought would be affected should Lake Maloney’s north wall rupture. A Nebraska Public Power District media relations specialist said the dam in North Platte is safe, but the Federal Energy Regulatory Commission requires a plan be in place to identify and address any issues that could potentially occur. Local emergency management officials have been briefed about changes to areas that could be affected and the length of time it could take water to enter those areas. The media relations specialist said the maps that were used were made in the 1990s and were updated yearly. They showed water could flow up to the south side of the airport. New versions, created with more sophisticated modeling software, were made available in December to emergency responders. They show water around Newberry Access, the airport and the wastewater treatment plant east of North Platte. Inspections of the dam and canal system are conducted daily. Repair work wrapped up on the dam last spring after underwater cameras detected areas that needed reinforcement. The media relations specialist said the wall was not in danger of rupturing, but the lake was drained for closer examination. The result was steel pilings were inserted on the water side of the wall and concrete was placed behind the pilings. Source:


Banking and Finance Sector

11. January 26, Help Net Security – (National) Hedge funds unprepared for cyber attack. With details trickling in about how the sophisticated Stuxnet computer worm derailed years of work on Iran’s nuclear program, many seasoned observers are left to wonder what might happen if such a powerful weapon were ever turned against the nearly $2 trillion hedge fund industry. On January 26, Alphaserve Technologies, IT advisor to many of the world’s largest hedge funds, offered potential solutions to an industry it perceives as ill-prepared when compared to big banks and other financial institutions. Most hedge funds have protected themselves from external security breaches for years, but today’s managers must protect themselves not only from the outside in, but rather from the inside out, contends the CEO and CTO of Alphaserve Technologies. The everyday, internal activities of employees accessing the Internet, e-mail, Skype, and other information provide ideal channels for worms, malicious software and dishonest employees to siphon off confidential information and do harm. New technologies like Digital Loss Prevention (DLP) software and deep packet inspection firewalls can look inside the Internet channel for any corporate data leaving the company and stop intentional or unintentional illicit transfers of information. Surprisingly though, many marquee names in the hedge fund industry do not have this essential protection even though some are in the process of adopting it, the CEO said. Source:

12. January 26, Petoskey News-Review – (Michigan) Phone and e-mail scams sweep through Northern Michigan. The Michigan State Police Petoskey Post is reporting a new phone scam has emerged in northern Michigan, targeting elderly residents. According to a police spokesman, in the last week-and-a-half alone, two to three dozen residents have reported this scam. Typically, the residents are receiving a phone call informing them their grandchild, who is in the military, has been injured, robbed, or arrested in England. They are then asked to wire $2,800 overseas to help out. The police spokesman said residents should be aware that this scam can be believable. “They often have the name of these people’s grand kids and what branch of military they’re in,” he said. “These people have really done their homework.” In addition to this scam, he said a resident from Petoskey reported she had recently received an e-mail from an old high school friend who told her that she and her family were on vacation in England and were mugged outside their hotel. Source:,0,7621784.story

13. January 26, – (National) Internal fraud and dollar losses. Internal fraud is one of the financial-services industry’s most threatening types of fraud. Industry experts ranked it as one of the top 9 security threats banks and credit unions will face in 2011. A senior analyst with Aite Group and author of the report, “Internal Fraud: The Devil Within,” said internal fraud damages an institution’s reputation, is often difficult to detect and is getting more prevalent, now that organized crime has figured out how easy it is to “plant” employees who are more than willing to steal internal information. “Banks and credit unions need to invest more in detection technology,” the analyst said, adding internal fraud at most banks and credit unions is under-reported, if detected at all. The analyst’s research found that institutions that rely on detection systems to catch internal fraud report higher losses, averaging about 10 percent, while institutions relying on manual techniques said internal fraud losses account for only about 4 percent of overall losses. “I think the number is probably closer to 10,” the analyst said. “Those that use technology are catching more.” Source:

14. January 26, Associated Press – (Vermont) Georgia, Vt., bank robbery suspect arrested. Authorities in Burlington, Vermont, have arrested two men wanted in an armed bank robbery in the Vermont town of Georgia. Burlington Police and U.S. Marshals arrested a 30-year-old male from St. Albans and a 37-year-old male from Swanton January 26 after a short chase. The 30-year-old suspect is accused of robbing the People’s Trust Bank January 24 and making off with an undisclosed amount of cash. He is expected to be arraigned January 26 on charges of assault and robbery. The 37-year-old male will be charged with being an accessory. Vermont State Police said tips from the public helped lead to the arrests. Source:

15. January 25, Softpedia – (International) New phishing campaign targets ‘First Data’ merchant accounts. Researchers from e-mail security vendor AppRiver warn about a phishing campaign that targets merchant accounts from a payment processing vendor called First Data. The pool of phishing attacks targets online banking accounts, credit card information, personal details, and other online accounts. Scams aimed at merchants are not very common. “Once the hacker has gained access to the First Data account they will likely have gained control over that specific merchant’s account,” warned a security researcher at AppRiver. First Data is an Atlanta, Georgia-based provider of online and on-site payment solutions which caters to merchants, financial institutions, and government agencies. Source:

Information Technology

46. January 26, CNN Money – (International) Mark Zuckerberg’s Facebook page hacked. The fan page of Facebook’s founder and CEO was hacked January 25. The message that appeared on the page under his name read: “Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Price winner ... described it? http://bit(dot)ly/fs6rT3 What do you think? #hackercup2011.” The message received more than 1,800 “likes” before it was removed from the page. The unsettling breaches raise questions about the company’s security. “Mark Zuckerberg might be wanting to take a close look at his privacy and security settings after this embarrassing breach,” a senior technology consultant at Sophos, wrote on the security protection site. “It’s not clear if he was careless with his password, was phished, or sat down in a Starbucks and got sidejacked while using an unencrypted wireless network,” he said. “However it happened, it’s left egg on his face just when Facebook wants to reassure users that it takes security and privacy seriously.” Source:

47. January 26, Computerworld – (International) Intel developing security ‘game-changer’. Intel’s chief technology officer said the chip maker is developing a technology that will be a security game changer. He told Computerworld January 25 that scientists at Intel are working on security technology that will stop all zero-day attacks. And, while he would give few details about it, he said he hopes the new technology will be ready to be released in 2011. He noted the technology will not be signature-based. Signature-based malware detection is based on searching for known patterns within malicious code. The problem, though, is that zero-day, or brand-new, malware attacks are often successful because they have no known signatures to guard against. Intel is working around this problem by not depending on signatures. Source:

48. January 26, The Register U.K. – (International) Man knows when you’re signed in to GMail, Twitter, Digg. A Nottingham, United Kingdom-based Web developer has figured out a simple way to tell if visitors to his site are logged in to Gmail, Facebook, Twitter, Digg, and thousands of other Web sites. One method the man developed makes use of status codes returned by many sites, which differ depending on whether a user is logged in or not. By embedding a small piece of JavaScript that contains a link to one of the sites he is curious about, he can immediately tell if a visitor is logged in. The method works reliably for Twitter, Facebook, and Digg when visitors are browsing with Firefox, Safari, or Chrome. It does not work when visitors are using Internet Explorer or Opera. The exploit works by identifying the HTTP status code returned when the visitor’s browser encounters the link in the man’s script. A 200 code, indicating the request was successfully fulfilled, indicates the person is not logged in, while 404, 500 and other error codes indicate the opposite. Source:

49. January 25, Softpedia – (International) Bagle overtakes Rustock as primary spam source in January. According to the January spam report from Symantec’s MessageLabs hosted services arm, the Bagle botnet overtook Rustock as the primary source of spam traffic for January. Rustock was the dominant spam botnet in 2010 and was responsible for 47.5 percent of all spam e-mails. M86 Security estimates that at its peak, Rustock accounted for nearly 60 percent of the world’s spam, but its activity started to wind down in October when Spamit, the world’s largest rogue pharmacy affiliate program, closed down. The botnet baffled researchers when it stopped spamming entirely December 25 and remained silent until January 10; however, this was probably due to the winter holidays in Russia. Rustock has returned in force since then, but did not make up for the lost start, which allowed Bagle to jump in front. “Since its return, Rustock has accounted for approximately 17.5 percent of all spam in January while the Bagle botnet has taken the lion’s share with 20 percent of spam,” the MessageLabs report said. Source:

50. January 25, Softpedia – (International) Users infected with scareware via ICQ malvertizing. Scareware distributors have managed to push rogue antivirus advertisements onto the ICQ network by posing as the clothing retailer Charlotte Russe. According to a senior antivirus researcher at Kaspersky Lab, the security vendor recently began receiving numerous reports of infections with a piece of scareware called Antivirus 8. Upon investigating the problem, Kaspersky’s researchers realized that fake antivirus popups were being displayed on people’s desktops even when they were not using their browsers. The rogue ads were tracked down to running instances of the ICQ instant messaging application, which has its own internal advertising mechanism. When investigating the ICQ advertisements, experts found that one of them was loaded from [censored], a domain name that seems to be related to the clothing retailer. Source:

51. January 25, Help Net Security – (International) Facebook fake photo links lead to malware. A simplistic but effective bait leading to malware has been circling on Facebook for the past few weeks. Users are sent messages from friends’ accounts saying Foto :D apps(dot)facebook(dot)com/photobf/index(dot)php. If the user fails to find it strange or suspicious, a click on the link will take him to a page where the photo was allegedly posted prior to being moved. The next click on the “View Photo” button triggers the download of what looks at first glance like a .png file because of its icon, but it is actually an executable. According to GFI, many rogue application pages were involved in the malware run, but have been deactivated by Facebook one by one. The external sites that have been serving the malware have also been taken offline. The malicious file is a generic Trojan, and is currently being detected by more than two thirds of the AV solutions used by VirusTotal. Source:

For more stories, see item 15 above in the Banking and Finance Sector

Communications Sector

52. January 25, Spokane Spokesman Review – (Washington; Colorado) Accident causes power, Internet outages. Avista customers lost electrical power and a number of businesses lost Internet service January 25 morning after a car smashed a utility pole in Otis Orchards, Washington. About 700 homes were without power for more than 90 minutes after the 4:30 a.m. incident at the intersection of Starr Road and Wellesley Avenue. The longer-lasting impact was on Internet service for more than a dozen business customers of Colorado-based Zayo Enterprises, which manages a large network of fiber-optic cables. Three routes of fiber-optic lines converge on the power pole that was knocked over, a company spokesman said. He said the fiber lines will be reconnected “by this (January 25) evening. The power lines had to be repaired first (before the fiber lines could be fixed),” he said. The spokesman said he had no way of knowing how many dark-fiber customers were impacted. Source: