Friday, April 29, 2011

Complete DHS Daily Report for April 29, 2011

Daily Report

Top Stories

• Associated Press reports massive tornadoes tore a town-flattening streak across the South, killing at least 269 people in 6 states, and knocking out power to more than 1 million people in Alabama. (See items 2, 24, 25, 36, 50)

2. April 28, Associated Press – (Southeast) Tornadoes devastate South, killing at least 269. Massive tornadoes tore a town-flattening streak across the South, killing at least 269 people in six states and forcing rescuers to carry some survivors out on makeshift stretchers of splintered debris. Two of Alabama’s major cities were among the places devastated by the deadliest twister outbreak in nearly 40 years that also knocked out power to more than 1 million people. Alabama officials confirmed 180 deaths, while there were 33 in Mississippi, 33 in Tennessee, 14 in Georgia, 8 in Virginia and 1 in Kentucky. The U.S. President has already approved the Alabama governor’s request for emergency federal assistance. The National Weather Service’s Storm Prediction Center in Norman, Oklahoma, said it received 137 tornado reports into the night of April 27. The storms forced authorities in some places into makeshift command posts after their headquarters lost power or were damaged, and an Alabama nuclear plant was using backup generators to cool units that were shut down. A tornado expert at the Oklahoma center said it appears some of the tornadoes were as wide as a mile. Some of the worst damage was in Tuscaloosa, a city of more than 83,000 that is home to the University of Alabama. The storm system spread destruction from Texas to New York, where dozens of roads were flooded or washed out. The governors of Alabama, Mississippi, and Georgia each issued emergency declarations for parts of their states. Source:

24. April 27, Bloomberg – (National) Severe weather disrupts flights as tornadoes threaten east. High winds and thunderstorms delayed flights to New York and Atlanta as severe weather raked the Southeast and the eastern United States. Planes bound for New York’s LaGuardia Airport and Hartsfield-Jackson Atlanta International, the world’s busiest airport, were being held until storms cleared, according to the Federal Aviation Administration Web site. More than 500 flights were canceled April 27, according to the FlightAware tracking service. Thunderstorms, hail, high winds, and tornadoes led to air traffic delays of more than 90 minutes at airports in the Midwest and East April 26. A Southwest Airlines Co. jet slid off the runway at Chicago’s Midway Airport in heavy rain without injury to anyone aboard. Storms in the so-called golden triangle, an area bounded by New York City, Chicago, and Atlanta, are most likely to cause air traffic delays and cancellations. At least 678 flights throughout the U.S. were canceled April 26, according to FlightAware tracking data. Source:

25. April 27, WLWT 5 Cincinnati – (Kentucky) Tornado warning forces airport evacuation. The terminal at the Greater Cincinnati/Northern Kentucky International Airport in Hebron, Kentucky, was evacuated April 27 due to severe weather. A tornado warning put the airport into emergency mode, and passengers and employees emptied the main floors of the terminals and headed for shelter. More than 1,000 people had to leave the lowest levels of the airport. The emergency temporarily stopped departures until the storm cleared. Source:

36. April 27, Associated Press – (Alabama) University of Alabama cancels classes after fierce storm strikes Tuscaloosa. The University of Alabama canceled classes April 28 and suspended normal operations on campus after a deadly tornado swept through Tuscaloosa, Alabama April 27. The mayor of Tuscaloosa said there were 15 confirmed deaths from the storm. University officials said power outages at the school were widespread, but they had no reports of structural damage to buildings on campus. University officials said parts of Tuscaloosa where many off-campus students live were damaged, however. The university has made the student recreation center available to students whose off-campus residences are damaged. A school spokeswoman said the tornado came very close to the campus. Source:

50. April 28, Atlanta Journal Constitution; Associated Press – (National) Georgia storms | At least 13 dead, widespread destruction. Emergency crews searched for survivors and victims in Georgia April 28 after a tornado ripped through Catoosa County, killing at least seven people and knocking out power to more than 45,000. At least four other people died in Georgia in storm-related incidents. There were reports of people still trapped in buildings in Ringgold, Georgia, April 28. A Georgia Emergency Management Agency (GEMA) spokesman said the death toll “was fluid” as rescue and recovery efforts continued. She said GEMA was only confirming 10 deaths, but the number would likely rise. Catoosa County officials said in a statement 30 people had been taken to local hospitals, and “at this time, emergency personnel are still searching the area for survivors.” A hotel and row of restaurants just off I-75 in Ringgold took a direct hit from the tornado. A local business owner said about 400 people from the Super 8 and the damaged restaurants took refuge in the lobby and hallways of his hotel immediately after the tornado struck at 8:19 p.m. There was also widespread destruction in Spalding County, south of Atlanta. In the town of Sunny Side, the tornado erased a gas station/convenience store, heavily damaged the post office and a salvage business, and cleared an RV lot of more than $1 million in inventory. The lot at Sunnyside RV and Truck Sales was filled with 35-foot 20,000-pound coaches but is now half empty. Source:

• According to Reuters, severe storms and tornadoes caused three Tennessee Valley Authority nuclear reactors in Alabama to be shut down. (See item 10)

10. April 27, Reuters – (Alabama) Storms knock out TVA nuclear units, power lines. Severe storms and tornadoes moving through the Southeast dealt a severe blow to the Tennessee Valley Authority (TVA) April 27, causing three nuclear reactors in Alabama to be shut down and 11 high-voltage power lines to be knocked out, the utility and regulators said. All three units at TVA’s 3,274-megawatt Browns Ferry nuclear plant near Decatur and Athens, Alabama tripped about 5:30 p.m. after losing outside power to the plant, a spokesman for the U.S. Nuclear Regulatory Commission (NRC) said. A TVA spokeswoman said the plant had reduced its power output earlier due to transmission line damage from a line of severe storms that spawned a number of tornadoes as it moved through Mississippi, Alabama, Kentucky, and Tennessee. The NRC spokesman said early information indicated the units shut normally and the plant’s diesel generators started up to supply power for the plant’s safety system. TVA, a government-owned corporation, said in a release that crews were working to restore service, but more severe weather was forecast. Source:


Banking and Finance Sector

16. April 28, Reading Eagle – (Pennsylvania) Man robs bank with what he told tellers was bomb. Pennsylvania State Police said April 27 they are looking for a 43-year-old Temple man who robbed a Lehigh County bank by putting something he claimed was a bomb into the drive-through tube. State troopers from Fogelsville got an arrest warrant for the man on charges he robbed the TD Bank on Hamilton Boulevard in Lower Macungie Township April 25. The suspect was charged with robbery and related offenses. He was last seen driving a green, 1996 Ford F-150 pickup truck, troopers said. According to investigators, the suspect drove up to a drive-through window and displayed a device he said was a bomb. He put it into a tube and sent it into the bank. He demanded money and told the tellers the bomb would explode if they did not give him money. The tellers placed an undisclosed amount of money into the tube with the device and sent it back to the suspect. He took the money and fled. It was unclear if the device was actually a bomb and if he took it with him when he fled. Source:

17. April 27, Associated Press – (New Jersey) NY man pleads guilty in ATM ‘skimming’ scheme. A Brooklyn, New York man has pleaded guilty in a scheme that stole account information from New Jersey bank customers by installing secret recording devices on ATM machines. The 28-year-old man admitted April 27 in U.S. District Court in Newark that he conspired with others to install the so-called skimming devices on ATMs at Valley National Bank branches in Nutley and Belleville. Prosecutors said the man and his accomplices took more than $278,000 from customers’ accounts. The bank absorbed the losses when it repaid the defrauded customers. He has been held without bail since his arrest in June 2010. He faces a maximum possible penalty of more than 30 years in prison, although the actual sentence is likely to be less under federal sentencing guidelines. Source:

18. April 27, Ellensburg Daily Record – (Washington) ‘Bad Hair Babe’ is suspect in Tuesday’s Wheatland Bank robbery. Police suspect the woman who robbed the Wheatland Bank in Ellensburg, Washington April 26 is the “Bad Hair Babe” bank robber who is suspected of robbing or attempting to rob 14 banks in the state, said a captain with the Ellensburg Police Department. At about 3:25 p.m. April 26, a woman entered the bank at 205 S. Main Street and demanded cash from the teller. She fled on foot with an undisclosed amount of money, police said. The suspect is described as a white female, 5 feet to 5 feet 3 inches tall, heavyset, wearing light colored tennis shoes, blue jeans, and a light-colored zipped hoodie, according to a department news release. The suspect appeared to be wearing a black, shoulder-length wig and glasses. She made reference to having some type of a weapon but none was displayed, the release said. She handed the teller a note demanding money, police said, which also occurred in the other robberies. In their initial response, detectives were able to make several contacts with agencies on the West Side of the state with similar suspect information, including the FBI and Tacoma Police, according to a department news release. Source:

19. April 27, PC Magazine – (International) Feds need more time to topple Coreflood botnet, exploring remote removal. Government efforts to take down the Coreflood botnet have had some success, but the Department of Justice (DOJ) asked a court April 23 for more time to defuse the situation. The agency said it will also provide remote removal of Coreflood from users’ computers. Earlier in April, FBI and DOJ collaborated to block the spread of Coreflood, a botnet that had infected hundreds of thousands of PCs. Both agencies issued warrants for and seized five “command and control” servers used to control the botnet, made up of PCs that had been infected and remotely controlled. Twenty-nine domains were also seized. The government has since set up two substitute servers to respond to requests from infected computers. Officials in Estonia also seized several additional servers believed to be Coreflood predecessors. In the April 23 filing with a Connecticut district court, the U.S. attorney’s office said the number of “beacons,” or requests, from Coreflood in the United States dropped from 800,000 April 13 to just under 100,000 April 22. Beacons are not the same as number of computers infected because some computers re-start themselves during the day, thereby adding an extra beacon to the count. The actual number of infected computers is unknown, DOJ said. Nonetheless, the seizure has “temporarily stopped Coreflood from running on infected computers in the U.S., preventing further loss of privacy and damages to the financial security of owners and users of the infected computers,” the DOJ said in its filing. It has also stopped Coreflood from updating itself, so antivirus vendors can release fixes. They “are no longer faced with a moving target and have been able to release virus signatures capable of detecting the latest versions of Coreflood,” DOJ said. 
Despite this work, more time is needed to allow additional antivirus vendors to release signatures, as well as to notify victims. The government has asked for a 30-day extension, until May 25. Source:,2817,2384447,00.asp

20. April 27, WCMH 4 Columbus – (Ohio) 8 indicted in large-scale mortgage scheme. Eight people were indicted April 27 in a Franklin County, Ohio court in connection with a large-scale mortgage scheme. The indictments include many fraud-related crimes, including engaging in a pattern of corrupt activity, theft, money laundering, receiving stolen property, and forgery. Investigators determined the fraud operation was orchestrated by two men, doing business as Platinum Mortgage, Edison Mortgage, Prime Real Estate, and others. Officials said that between 2003 and 2006, more than 22 fraudulent mortgage loans were obtained, resulting in the issuance of more than $12 million of fraudulent loan proceeds. More than $2.5 million was received and laundered through many individual and business bank accounts owned or associated with the two men and other defendants. Most of the properties ultimately wound up in foreclosure, resulting in extensive losses to the lenders. Nineteen Central Ohio properties were involved. Six other people were indicted with the two men, including a realtor, and the owner of a local title agency. Also used in the scheme were 15 straw buyers, whose credit was used to acquire the loans. Others involved included mortgage brokers, appraisers, and notaries. Source:

Information Technology

43. April 28, Help Net Security – (International) Researchers crack Nikon image authentication system. ElcomSoft researched Nikon’s Image Authentication System, a secure suite validating if an image has been altered since capture, and discovered a major vulnerability in the manner the secure image signing key is handled. This allowed the company to extract the original signing key from a Nikon camera. The vulnerability, when exploited, makes it possible to produce manipulated images with a fully valid authentication signature. ElcomSoft was able to successfully extract the original image signing key and produce a set of forged images that successfully pass validation with Nikon Image Authentication Software. Source:

44. April 28, The Register – (International) PlayStation Network credit cards protected by encryption. All credit card information stored on Sony’s PlayStation Network was encrypted, the company said 1 day after warning users their user names, passwords, birth dates, and home addresses were stolen in a security breach. “The entire credit card table was encrypted and we have no evidence that credit card data was taken,” Sony representatives wrote in the update, which was posted late April 27. “The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.” The update clarifies statements Sony made April 26 that the stolen information may have included payment-card data, purchase history, billing addresses, and security answers used to change passwords. The company did not provide details about the encryption used to protect card data, but assuming it followed standard industry practices, it was likely enough to prevent the information from being used by the hackers behind the break-in. The update April 27 follows multiple news reports that recounted PSN users who reported credit card fraud that seemed to coincide with the breach. Source:

45. April 28, The Register – (Unknown Geographic Scope) Targeted phish frags XBox gamers. Microsoft has warned users of Xbox Live to be wary of targeted phishing scams that attempt to trick users into handing over gamer tags and passwords. The latest online gaming scam is more carefully targeted and subtler than most. Gamers are induced to hand over log-in credentials while playing the popular first-person shooter Modern Warfare 2 via “title specific messages”, Microsoft warns via a status update on its Xbox Support Web site. The scam appears to rely on a game modification that allows users to post chat messages onscreen that resemble those posted in-game by developers. These messages link to a phishing Web site that invites users to hand over log-in credentials. Source:

46. April 27, Computerworld – (International) Sony to restart Blu-ray Disc production in late May. Sony plans to resume production of Blu-ray and other optical discs at a tsunami-hit factory in northern Japan in late May, it said April 28. The company’s Sendai Technology Center in the city of Tagajo is the only Sony plant still offline after a powerful earthquake and tsunami hit eastern Japan March 11. Now, Sony is anticipating the restart of some operations. The factory is Sony’s principal production base for professional video tapes, blank Blu-ray Discs, and other media products, and the halt in production caused a pinch on supply of some professional media products such as HDCAM video tapes for portable TV cameras. While the optical disc production will start in late May, production of magnetic tapes, such as those for TV cameras, is not likely to resume until late July. Source:

47. April 27, Government Computer News – (International) Apple claims it only maintains database of Wi-Fi hotspots, cell towers. Addressing claims that its iPhones are gathering location data, Apple said in a statement April 27 that the extent of Global Positioning System information being gathered is the result of a recently uncovered bug. After the fix, the company said it will not need to store more than 7 days’ worth of information to maintain a database of Wi-Fi hotspots and cell towers around a user’s current location. This information helps the iPhone calculate locations quickly. “The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than 100 miles away from the iPhone,” the statement said. “This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your phone,” Apple said in the statement, adding the iPhone cache will be encrypted in the next major iOS software release. Source:

48. April 27, Computerworld – (International) Google patches 27 Chrome bugs, pays out record bounties. Google April 27 patched 27 vulnerabilities in Chrome as it boosted the “stable” build of the browser to version 11 on Windows, Mac, and Linux. The update fixed 18 vulnerabilities rated “high,” the second-most-severe ranking in Google’s scoring; 6 labeled “medium”; and 3 pegged as “low.” None of the vulnerabilities was ranked “critical,” the category reserved for bugs that may let an attacker escape Chrome’s anti-exploit “sandbox.” Google has patched three critical bugs so far in 2011. Five of the vulnerabilities were identified as “stale pointer” bugs, a term that describes flaws in an application’s — in this case, Chrome’s — memory allocation code. Google has patched numerous stale pointer bugs in the last 4 months. Other flaws fixed could be used by attackers to spoof the contents of the address bar — a bug that typically gets the attention of phishers and identity thieves — or to compromise the browser with malicious SVG files. Source:

Communications Sector

49. April 27, IDG News Service – (National) Verizon finds cause of LTE outage. Verizon Wireless determined the cause of an outage that crippled its long-term evolution (LTE) mobile data network starting late April 26. It is working to solve the problem, but the carrier has not estimated when the system will be restored. Users of LTE smartphones can still make phone calls and use slower data connections on Verizon’s Code-Division Multiple Access (CDMA) network, according to a Verizon statement released April 27 at 4:15 p.m. However, subscribers cannot use the LTE network, Verizon’s fastest, nor activate any LTE devices, the company said. “We expect to see the network restore on a market-by-market basis. Timing and additional details will be provided as they become available,” the statement said. Verizon first acknowledged the problem April 27 after published reports that the network had gone down nationwide. The outage was the first major blemish on the LTE network, which was launched commercially late in 2010. Verizon’s is the first national network using LTE and has delivered average speeds of 6.5M bps downstream and 5M bps upstream in tests by PC World. Rival AT&T plans to launch an LTE network later in 2011. Source:

Thursday, April 28, 2011

Complete DHS Daily Report for April 28, 2011

Daily Report

Top Stories

• KSDK 5 reports it will take a year for full repairs to be made to a Missouri Air National Guard base in St. Louis that suffered more than $10 million in damage from an April 22 tornado. (See item 34)

34. April 26, KSDK 5 St. Louis – (Missouri) National Guard base sustains $10 million in damage. The Missouri Air National Guard determined a tornado April 22 in St. Louis caused more than $10 million in damage, leaving several buildings at the facility in need of serious repair and the base covered in debris. The Missouri Air National Guard base is home to the 131st Mission Support Group and several tenant units — about 350 military personnel. The first round of tornado sirens began at 7:30 p.m. and the storm rolled in around 8 p.m., the Missouri Air National Guard said April 26. While the north side of the base went largely untouched, 16 buildings on the south side were hard hit and sustained damage. Airport luggage carts from nearby Lambert Airport were blown onto the base. An antenna array sitting atop one of the base buildings was bent in half. The base suffered from the same level of damage as the neighborhoods that surround it — downed power lines, collapsed walls, and cars that were tossed around like toys. Nearly 150 civilian and military personnel are involved in cleanup and recovery efforts at the base. A commanding officer said she expects the base to be between 75 and 100 percent operational by no later than May 1. Full repairs are expected to take a year at the 46-acre facility. Source:

• According to Wired, Sony thinks an “unauthorized person” has access to all PlayStation Network account data and passwords, and may have obtained the credit card numbers of the service’s 70 million users. See item 41 below in the Information Technology Sector


Banking and Finance Sector

15. April 27, – (International) New wave of wire fraud strikes banks. Between March 2010 and April 2011, 20 incidents of wire fraud hit small and mid-sized U.S. businesses after online banking credentials were compromised. All of the transfers — typically ranging between $50,000 and $985,000 — were routed to Chinese economic and trade companies located near the Russian border. This news comes from an advisory issued by the FBI, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center about the unauthorized wire transfers being routed to China. Most of the small-business victims hold accounts with community banks and credit unions, some of which use third-party service providers for online banking services. So far, the 20 incidents tracked by the FBI total $20 million in fraudulent transfer attempts. Actual losses associated with fraudulent transactions, however, total $11 million. Phishing appears to be the point of entry for most of the attacks. Source:

16. April 27, H Security – (International) Zeus trojan adds fake investment adverts. The Zeus trojan toolkit has added a new armament to its weapons of mass deception — advertising. Trusteer has reportedly found a new configuration of the fraudsters’ digital toolkit which injects banner advertisements offering high rates of interest, from 7 to 32 percent per day, into Google and Bing pages. Those adverts linked to a site at http://ursinvestment(dot)com/ which allowed people to “open” investment accounts and wire transfer money to the fake company. The URS Investment pages are no longer online, but the IP address of the site, as reported by Trusteer, is host to pages of a similarly dubious nature which are fake versions of a legitimate company’s Web presence. For example, a “Trustwave” logo on the page, when clicked for verification, appears to show the site is trusted but on closer examination, is showing the verification status for the U.S. online retailer NewEgg. The trojan configuration also targeted sites such as Forbes and Yahoo Finance, injecting fake articles into pages suggesting the sites were partnered with “URS Investments” and were recommended by Forbes and Yahoo, and offer links to sign up with the site. Other sites which are targeted by the trojan’s configuration include AOL, Amazon, Apple, CNN, Citibank, and ESPN. Source:

17. April 26, Newark Star-Ledger – (New Jersey) Whitehouse Station woman pleads guilty to $13.6 million Ponzi scheme. The owner of a Branchburg, New Jersey-based investment firm pleaded guilty April 25 to defrauding investors of more than $13.6 million in a Ponzi scheme, and using $7 million to settle gambling debts and pay for travel and personal expenses, a U.S. attorney announced. The 59-year-old woman of Whitehouse Station solicited investments for her firm, Systematic Financial Associates, Inc., by telling people a number of stories, the most popular being she would use their money to fund loans to doctors for their quarterly pension plans, the attorney said. Some investors thought they were buying Medicare “bonds” and their money would be backed by the federal program. Others believed their money was insured by the Federal Deposit Insurance Corporation, or personally guaranteed by the woman. On occasion, she directed her clients to transfer money from other investments into her scheme. To persuade investors to believe her story, she made up doctors that needed help or forged names of real doctors on promissory notes, sometimes giving investors schedules reflecting when they could expect a return on their money, usually 6 to 11 percent. After maintaining the fraud for more than a decade, she collected about $13.6 million from about 127 investors. She faces a maximum of 20 years in prison and a $5 million fine for the securities fraud count, and 10 years in prison and a $250,000 fine for transacting with money fraudulently obtained. Sentencing is scheduled for August 3. Source:

18. April 26, Detroit News – (Michigan) Farmington investment adviser pleads guilty in $7 million fraud. A Farmington Hills, Michigan investment adviser accused of spending an estimated $7 million in investor funds on strippers, gambling, and personal expenses pleaded guilty April 26 to bank fraud charges in federal court. The 56-year-old man told clients to liquidate their securities investments and invest the money through him, according to court records. The case involves up to 20 victims, many elderly, according to court records. The man, however, deposited the money into his own accounts and made some “interest” payments to other investors to perpetuate the scheme, court records show. He faces up to 30 years in prison. He is currently serving a 1-year sentence in the Macomb County Jail for stealing more than $100,000 from an elderly Macomb County client. Source:$7-million-fraud

19. April 21, Federal Bureau of Investigation – (New Jersey; New York) Staten Island businessman arrested on fraud charges for operating multi-million-dollar Ponzi scheme. A man from Staten Island, New York, was arrested April 21 on charges arising out of his alleged operation of a $12 million Ponzi scheme from 2007 to 2010. The founder and president of the Great Atlantic Group, Inc., a Staten Island-based real estate and financial consulting company, was charged with securities fraud, wire fraud, and money laundering in a federal indictment unsealed April 21 in federal court in Brooklyn. As alleged in the indictment, the man solicited investments in Third Millennium Enterprises, Inc. and 150 West State Street Corp., both associated with Great Atlantic that supposedly invested in real estate projects and provided private mortgages. He told prospective investors he would invest their money in real estate projects, including projects in Trenton, New Jersey, a warehouse in Utica, New York, and a golf course development project. From 2007 through 2010, investors contributed about $12 million to Third Millennium and 150 West State Street. As of December 2010, the combined closing balance of the bank accounts associated with the two companies was less than $15,000. Some investors were encouraged to obtain mortgages on their homes and to invest the proceeds with Third Millennium or 150 West State Street, and other investors, typically senior citizens, were encouraged to apply for reverse mortgages on their residences and to invest the proceeds. The indictment charges that, by as early as January 2007, the suspect had virtually stopped investing in real estate projects, and instead operated Third Millennium and 150 West State Street as a Ponzi scheme. Source:

For another story, see item 41 below in the Information Technology Sector

Information Technology

38. April 27, Softpedia – (International) SpyEye adds support for Chrome and Opera. According to reports from the cyber criminal underground, the latest version of the SpyEye trojan comes with form grabbing support for Google Chrome and Opera, two browsers largely untouched by malware so far. A security researcher has published a screenshot taken from the trojan’s latest “builder” version and it has checkboxes for the anti-Rapport and Firefox webinjects plugins, as well as for Opera and Chrome form grabbers. These two new components are aimed at stealing information typed into Web forms. While this is not as advanced as injecting code into displayed Web pages, it represents a serious attack against users who believe that using alternative browsers keeps them safe. It is not yet entirely clear how these new form grabbers work, whether the malware hooks into the browsers’ DLLs or is using extensions. The hooking approach appears more likely because the APIs available to Chrome and Opera extensions are limited. In addition, only version 11 of Opera supports extensions. Source:

39. April 27, The Register – (International) Free and subdomain hosting lets phishing sites live longer. A growing number of phishers are using free domains and subdomains to register net fraud sites, a move that seems to have allowed phishing sites to stay online longer. Official figures from the Anti-Phishing Working Group record that around 11 percent of all phishing attacks took advantage of either the free .TK domain registration service or the CO.CC subdomain service during the second half of 2010. The Group found that 11,768 phishing Web sites were hosted on subdomain services, up 42 percent from the first half of 2010. The increased use of the sub-domain tactic seems to be designed to make it harder to get offending sub-domains taken down. As a result of this, in part, the time offending domains get to live has increased to a 3-year high. Source:

40. April 26, Bay City News Service – (California) Explosion at Agilent plant in Santa Rosa injures 3. An explosion at the Agilent Technologies facility in Santa Rosa, California, April 27 left 3 people injured and prompted the evacuation of about 100 employees, a company spokesman said. The explosion happened at about 10:30 a.m. in Building One at 1400 Fountaingrove Parkway. It occurred in a ground-floor laboratory, in an area where integrated circuits are made using molecular beam epitaxy, the Agilent spokesman said. The explosion injured two employees. One was a man who was cleaning a machine when there was a chemical flash, the spokesman said. He said cleaning the machine generally involves wearing a protective body suit, but he did not know whether the man was wearing one when the incident occurred. The other employee, a female contract employee from Volt, was injured when something fell and hit her on the head outside of the laboratory, the spokesman said. A Santa Rosa firefighter who was one of the first to respond to the incident was also injured. About six engines from the Santa Rosa Fire Department responded. Rincon Valley Fire Department offered mutual aid, with four fire engines, one truck and two chief officers. Agilent’s own chemical emergency response team also responded. No flames were found, but there was some damage to the lab, the spokesman said. The cause of the explosion is under investigation. There were about eight chemicals involved, according to a fire inspector. She did not know what those chemicals were. Source:

41. April 26, Wired – (International) PlayStation Network hack leaves credit card info at risk. Sony thinks an “unauthorized person” now has access to all PlayStation Network account data and passwords, and may have obtained the credit card numbers of the service’s 70 million users, Wired reported April 26. The PlayStation maker said it believes hackers have access to customers’ vital data, including names, birthdates, physical and e-mail addresses, and PlayStation Network/Qriocity passwords, logins, handles and online IDs. Credit card information, purchase histories and other profile data stored on the PlayStation Network servers also could be compromised, the Japanese company said in a blog post April 26. “While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” reads the post, which Sony said it will e-mail to all PlayStation Network account holders, as well as users of its Qriocity streaming-media service. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.” The PlayStation Network, which provides online gameplay and digital game shopping for owners of PlayStation 3 and PSP devices, has been down since April 20, following what Sony called an “illegal intrusion” on its servers. The company said it expects to restore “some services” within a week. Source:

Communications Sector

42. April 26, Progressive Railroading – (National) NTSB restores online safety recommendations database. The National Transportation Safety Board (NTSB) recently restored Web access to its safety recommendations database, which had been offline for about 5 months. The database has been audited and verified, and features a few non-visible changes designed to improve information accuracy, according to the NTSB. To date, the database includes 13,450 total safety recommendations, 2,156 railroad and transit recommendations, and 239 open-status recommendations from railroads, transit agencies, governments and associations, according to the NTSB. Source: