Friday, April 29, 2011

Complete DHS Daily Report for April 29, 2011

Daily Report

Top Stories

• Associated Press reports massive tornadoes tore a town-flattening streak across the South, killing at least 269 people in 6 states, and knocking out power to more than 1 million people in Alabama. (See items 2, 24, 25, 36, 50)

2. April 28, Associated Press – (Southeast) Tornadoes devastate South, killing at least 269. Massive tornadoes tore a town-flattening streak across the South, killing at least 269 people in six states and forcing rescuers to carry some survivors out on makeshift stretchers of splintered debris. Two of Alabama’s major cities were among the places devastated by the deadliest twister outbreak in nearly 40 years that also knocked out power to more than 1 million people. Alabama officials confirmed 180 deaths, while there were 33 in Mississippi, 33 in Tennessee, 14 in Georgia, 8 in Virginia and 1ne in Kentucky. The U.S. President has already approved the Alabama governor’s request for emergency federal assistance. The National Weather Service’s Storm Prediction Center in Norman, Oklahoma, said it received 137 tornado reports into the night of April 27. The storms forced authorities in some places into makeshift command posts after their headquarters lost power or were damaged, and an Alabama nuclear plant was using backup generators to cool units that were shut down. A tornado expert at the Oklahoma center said it appears some of the tornadoes were as wide as a mile. Some of the worst damage was in Tuscaloosa, a city of more than 83,000 that is home to the University of Alabama. The storm system spread destruction from Texas to New York, where dozens of roads were flooded or washed out. The governors of Alabama, Mississippi, and Georgia each issued emergency declarations for parts of their states. Source:

24. April 27, Bloomberg – (National) Severe weather disrupts flights as tornadoes threaten east. High winds and thunderstorms delayed flights to New York and Atlanta as severe weather raked the Southeast and the eastern United States Planes bound for New York’s LaGuardia Airport and Hartsfield-Jackson Atlanta International, the world’s busiest airport, were being held until storms cleared, according to the Federal Aviation Administration Web site. More than 500 flights were canceled April 27, according to the FlightAware tracking service.Thunderstorms, hail, high winds, and tornadoes led to air traffic delays of more than 90 minutes at airports in the Midwest and East April 26. A Southwest Airlines Co. jet slid off the runway at Chicago’s Midway Airport in heavy rain without injury to anyone aboard. Storms in the so-called golden triangle, an area bounded by New York City, Chicago, and Atlanta, are most likely to cause air traffic delays and cancellations. At least 678 flights throughout the U.S. were canceled April 26, according to FlightAware tracking data. Source:

25. April 27, WLWT 5 Cincinnati – (Kentucky) Tornado warning forces airport evacuation. The terminal at the Greater Cincinnati/Northern Kentucky International Airport in Hebron, Kentucky, was evacuated April 27 due to severe weather. A tornado warning put the airport into emergency mode, and passengers and employees emptied the main floors of the terminals and headed for shelter. More than 1,000 people had to leave the lowest levels of the airport. The emergency temporarily stopped departures until the storm cleared. Source:

36. April 27, Associated Press – (Alabama) University of Alabama cancels classes after fierce storm strikes Tuscaloosa. The University of Alabama canceled classes April 28 and suspended normal operations on campus after a deadly tornado swept through Tuscaloosa, Alabama April 27. The mayor of Tuscaloosa said there were 15 confirmed deaths from the storm. University officials said power outages at the school were widespread, but they had no reports of structural damage to buildings on campus. University officials said parts of Tuscaloosa where many off-campus students live were damaged, however. The university has made the student recreation center available to students whose off-campus residences are damaged. A school spokeswoman said the tornado came very close to the campus. Source:

50. April 28, Atlanta Journal Constitution; Associated Press – (National) Georgia storms | At least 13 dead, widespread destruction. Emergency crews searched for survivors and victims in Georgia April 28 after a tornado ripped through Catoosa County, killing at least seven people and knocking out power to more than 45,000. At least four other people died in Georgia in storm-related incidents. There were reports of people still trapped in buildings in Ringgold, Georgia, April 28. A Georgia Emergency Management Agency (GEMA) spokesman said the death toll “was fluid” as rescue and recovery efforts continued. She said GEMA was only confirming 10 deaths, but the number would likely rise. Catoosa County officials said in a statement 30 people had been taken to local hospitals, and “at this time, emergency personnel are still searching the area for survivors.” A hotel and row of restaurants just off I-75 in Ringgold took a direct hit from the tornado. A local business owner said about 400 people from the Super 8 and the damaged restaurants took refuge in the lobby and hallways of his hotel immediately after the tornado struck at 8:19 p.m. There was also widespread destruction in Spalding County, south of Atlanta. In the town of Sunny Side, the tornado erased a gas station/convenience store, heavily damaged the post office and a salvage business, and cleared an RV lot of more than $1 million in inventory. The lot at Sunnyside RV and Truck Sales was filled with 35-foot 20,000-pound coaches but is now half empty. Source:

• According to Reuters, severe storms and tornadoes caused three Tennessee Valley Authority nuclear reactors in Alabama to be shut down. (See item 10)

10. April 27, Reuters – (Alabama) Storms knock out TVA nuclear units, power lines. Severe storms and tornadoes moving through the Southeast dealt a severe blow to the Tennessee Valley Authority (TVA) April 27, causing three nuclear reactors in Alabama to be shut down and 11 high-voltage power lines to be knocked out, the utility and regulators said. All three units at TVA’s 3,274-megawatt Browns Ferry nuclear plant near Decatur and Athens, Alabama tripped about 5:30 p.m. after losing outside power to the plant, a spokesman for the U.S. Nuclear Regulatory Commission (NRC) said. A TVA spokeswoman said the plant’s output had reduced power earlier due to transmission line damage from a line of severe storms that spawned a number of tornadoes as it moved through Mississippi, Alabama, Kentucky, and Tennessee. The NRC spokesman said early information indicated the units shut normally and the plant’s diesel generators started up to supply power for the plant’s safety system. The government-owned corporation said crews were working to restore service, but more severe weather was forecast, TVA said in a release. Source:


Banking and Finance Sector

16. April 28, Reading Eagle – (Pennsylvania) Man robs bank with what he told tellers was bomb. Pennsylvania State Police said April 27 they are looking for a 43-year-old Temple man who robbed a Lehigh County bank by putting something he claimed was a bomb into the drive-through tube. State troopers from Fogelsville got an arrest warrant for the man on charges he robbed the TD Bank on Hamilton Boulevard in Lower Macungie Township April 25. The suspect was charged with robbery and related offenses. He was last seen driving a green, 1996 Ford F-150 pickup truck, troopers said. According to investigators, the suspect drove up to a drive-through windows and displayed a device he said was a bomb. He put it into a tube and sent it into the bank. He demanded moneys and told the tellers the bomb would explode if they did not give him money. The tellers placed an undisclosed amount of money into the tube with the device and sent it back to the suspect. He took the money and fled. It was unclear if the device was actually a bomb and if he took it with him when he fled. Source:

17. April 27, Associated Press – (New Jersey) NY man pleads guilty in ATM ‘skimming’ scheme. A Brooklyn, New York man has pleaded guilty in a scheme that stole account information from New Jersey bank customers by installing secret recording devices on ATM machines. The 28-year-old man admitted April 27 in U.S. District Court in Newark that he conspired with others to install the so-called skimming devices on ATMs at Valley National Bank branches in Nutley and Belleville. Prosecutors said the man and his accomplices took more than $278,000 from customers’ accounts. The bank absorbed the losses when it repaid the defrauded customers. He has been held without bail since his arrest in June 2010. He faces a maximum possible penalty of more than 30 years in prison, although the actual sentence is likely to be less under federal sentencing guidelines. Source:

18. April 27, Ellensburg Daily Record – (Washington) ‘Bad Hair Babe’ is suspect in Tuesday’s Wheatland Bank robbery. Police suspect the woman who robbed the Wheatland Bank in Ellensburg, Washington April 26 is the “Bad Hair Babe” bank robber who is suspected of robbing or attempting to rob 14 banks in the state, said a captain with the Ellensburg Police Department. At about 3:25 p.m. April 26, a woman entered the bank at 205 S. Main Street and demanded cash from the teller. She fled on foot with an undisclosed amount of money, police said. The suspect is described as a white female, 5 feet to 5 feet 3 inches tall, heavyset, wearing light colored tennis shoes, blue jeans, and a light-colored zipped hoodie, according to a department news release. The suspect appeared to be wearing a black, shoulder-length wig and glasses. She made reference to having some type of a weapon but none was displayed, the release said. She handed the teller a note demanding money, police said, which also occurred in the other robberies. In their initial response, detectives were able to make several contacts with agencies on the West Side of the state with similar suspect information, including the FBI and Tacoma Police, according to a department news release. Source:

19. April 27, PC Magazine – (International) Feds need more time to topple Coreflood botnet, exploring remote removal. Government efforts to take down the Coreflood botnet have had some success, but the Department of Justice (DOJ) asked a court April 23 for more time to defuse the situation. The agency said it will also provide remote removal of Coreflood from users’ computers. Earlier in April, FBI and DOJ collaborated to block the spread of Coreflood, a botnet that had infected hundreds of thousands of PCs. Both agencies issued warrants for and seized five “command and control” servers used to control the botnet, made up of PCs that had been infected and remotely controlled. Twenty-nine domains were also seized. The government has since set up two substitute servers to respond to requests from infected computers. Officials in Estonia also seized several additional servers believed to be Coreflood predecessors. In the April 23 filing with a Connecticut district court, the U.S. attorney’s office said the number of “beacons,” or requests, from Coreflood in the United States dropped from 800,000 April 13 to just under 100,000 April 22. Beacons are not the same as number of computers infected because some computers re-start themselves during the day, thereby adding an extra beacon to the count. The actual number of infected computers is unknown, DOJ said. Nonetheless, the seizure has “temporarily stopped Coreflood from running on infected computers in the U.S., preventing further loss of privacy and damages to the financial security of owners and users of the infected computers,” the DOJ said in its filing. It has also stopped Coreflood from updating itself, so antivirus vendors can release fixes. They “are no longer faced with a moving target and have been able to release virus signatures capable of detecting the latest versions of Coreflood,” DOJ said. Despite this work, more time is needed to allow additional antivirus vendors to release signatures, as well as to notify victims. The government has asked for a 30-day extension, until May 25. Source:,2817,2384447,00.asp

20. April 27, WCMH 4 Columbus – (Ohio) 8 indicted in large-scale mortgage scheme. Eight people were indicted April 27 in a Franklin County, Ohio court in connection with a large-scale mortgage scheme. The indictments include many fraud-related crimes, including engaging in a pattern of corrupt activity, theft, money laundering, receiving stolen property, and forgery. Investigators determined the fraud operation was orchestrated by by two men, doing business as Platinum Mortgage, Edison Mortgage, Prime Real Estate, and others. Officials said that between 2003 and 2006, more than 22 fraudulent mortgage loans were obtained, resulting in the issuance of more than $12 million of fraudulent loan proceeds. More than $2.5 million was received and laundered through many individual and business bank accounts owned or associated with the two men and other defendants. Most of the properties ultimately wound up in foreclosure, resulting in extensive losses to the lenders. Nineteen Central Ohio properties were involved. Six other people were indicted with the two men, including a realtor, and the owner of a local title agency. Also used in the scheme were 15 straw buyers, whose credit was used to acquire the loans. Others involved included mortgage brokers, appraisers, and notaries. Source:

Information Technology

43. April 28, Help Net Security – (International) Researchers crack Nikon image authentication system. ElcomSoft researched Nikon’s Image Authentication System, a secure suite validating if an image has been altered since capture, and discovered a major vulnerability in the manner the secure image signing key is handled. This allowed the company to extract the original signing key from a Nikon camera. The vulnerability, when exploited, makes it possible to produce manipulated images with a fully valid authentication signature. ElcomSoft was able to successfully extract the original image signing key and produce a set of forged images that successfully pass validation with Nikon Image Authentication Software. Source:

44. April 28, The Register – (International) PlayStation Network credit cards protected by encryption. All credit card information stored on Sony’s PlayStation Network was encrypted, the company said 1 day after warning users their user names, passwords, birth dates, and home addresses were stolen in a security breach. “The entire credit card table was encrypted and we have no evidence that credit card data was taken,” Sony representatives wrote in the update, which was posted late April 27. “The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.” The update clarifies statements Sony made April 26 that the stolen information may have included payment-card data, purchase history, billing addresses, and security answers used to change passwords. The company did not provide details about the encryption used to protect card data, but assuming it followed standard industry practices, it was likely enough to prevent the information from being used by the hackers behind the break in. The update April 27 follows multiple news reports that recounted PSN users who reported credit card fraud that seemed to coincide with the breach. Source:

45. April 28, The Register – (Unknown Geographic Scope) Targeted phish frags XBox gamers. Microsoft has warned users of Xbox Live to be wary of targeted phishing scams that attempt to trick users into handing over gamer tags and passwords. The latest online gaming scam is more carefully targeted and subtler than most. Gamers are induced to hand over log-in credentials while playing the popular first-person shooter Modern Warfare 2 via “title specific messages”, Microsoft warns via a status update on its Xbox Support Web site. The scam appears to rely on a game modification that allows users to post chat messages onscreen that resemble those posted ingame by developers. These messages link to a phishing Web site that invite users to hand over log-in credentials. Source:

46. April 27, Computerworld – (International) Sony to restart Blu-ray Disc production in late May. Sony plans to resume production of Blu-ray and other optical discs at a tsunami-hit factory in northern Japan in late May, it said April 28. The company’s Sendai Technology Center in the city of Tagajo is the only Sony plant still offline after a powerful earthquake and tsunami hit eastern Japan March 11. Now, Sony is anticipating the restart of some operations. The factory is Sony’s principle production base for professional video tapes, blank Blu-ray Discs, and other media products, and the halt in production caused a pinch on supply of some professional media products such as HDCAM video tapes for portable TV cameras. While the optical disc production will start in late May, production of magnetic tapes, such as those for TV cameras, is not likely to resume until late July. Source: 47. April 27, Government Computer News – (International) Apple claims it only maintains database of Wi-Fi hotspots, cell towers. Addressing claims that its iPhones are gathering location data, Apple said in a statement April 27 that the extent of Global Positioning System information being gathered is the result of a recently uncovered bug. After the fix, the company said it will not need to store more than 7 days’ worth of information to maintain a database of Wi-Fi hotspots and cell towers around a user’s current location. This information helps the iPhone calculate locations quickly. “The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than 100 miles away from the iPhone,” the statement said.”This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your phone,” Apple said in the statement, adding the iPhone cache will be encrypted in the next major iOS software release. Source:

48. April 27, Computerworld – (International) Google patches 27 Chrome bugs, pays out record bounties. Google April 27 patched 27 vulnerabilities in Chrome as it boosted the “stable” build of the browser to version 11 on Windows, Mac, and Linux. The update fixed 18 vulnerabilities rated “high,” the second-most-severe ranking in Google’s scoring; 6 labeled “medium”; and 3 pegged as “low.” None of the vulnerabilities was ranked “critical,” the category reserved for bugs that may let an attacker escape Chrome’s anti-exploit “sandbox.” Google has patched three critical bugs so far in 2011. Five of the vulnerabilities were identified as “stale pointer” bugs, a term that describes flaws in an application’s — in this case, Chrome’s — memory allocation code. Google has patched numerous stale pointer bugs in the last 4 months. Other flaws fixed could be used by attackers to spoof the contents of the address bar — a bug that typically gets the attention of phishers and identity thieves — or to compromise the browser with malicious SVG files. Source:

Communications Sector

49. April 27, IDG News Service – (National) Verizon finds cause of LTE outage. Verizon Wireless determined the cause of an outage that crippled its long-term evolution (LTE) mobile data network starting late April 26. It is working to solve the problem, but the carrier has not estimated when the system will be restored. Users of LTE smartphones can still make phone calls and use slower data connections on Verizon’s Code-Division Multiple Access (CDMA) network, according to a Verizon statement released April 27 at 4:15 p.m. However, subscribers cannot use the LTE network, Verizon’s fastest, nor activate any LTE devices, the company said. “We expect to see the network restore on a market-by-market basis. Timing and additional details will be provided as they become available,” the statement said. Verizon first acknowledged the problem April 27 after published reports that the network had gone down nationwide. The outage was the first major blemish on the LTE network, which was launched commercially late in 2010. Verizon’s is the first national network using LTE and has delivered average speeds of 6.5M bps downstream and 5M bps upstream in tests by PC World. Rival AT&T plans to launch an LTE network later in 2011. Source:

No comments: