Tuesday, May 17, 2011

Complete DHS Daily Report for May 17, 2011

Daily Report

Top Stories

• Firefighters worked more than 12 hours over 2 days to extinguish a fire at a biodiesel plant that caused explosions and millions in damage, and injured three firefighters. (See item 2)

2. May 16, Erie Times-News – (Pennsylvania) Firefighters return for rekindle of Harborcreek biodiesel plant blaze. Firefighters returned to a burning biodiesel plant in Harborcreek Township, Pennsylvania May 15 after flames rekindled in several areas of the facility. Light, hazy smoke rose off the building, the home to American Biodiesel Energy Inc. and North American Powder Coatings. Firefighters from at least five companies were called to the property, at 4680 Iroquois Avenue, at 7:30 p.m. Flames shot at least 100 feet and thick, black smoke billowed from the business. Nearby residents reported hearing multiple explosions. One sent a large piece of sheet metal flying about 200 feet. Firefighters were still there 2 hours later. Much of the building had burned May 14. About 100 firefighters from multiple volunteer departments had spent more than 6 hours controlling the blaze then. Three were injured. Investigators have not yet determined what caused the fire. The south wall of the building was intact May 15. Firefighters entered through a side door. A first assistant chief of Fairfield Hose Co. said all of the building, except for the warehouse, was destroyed. Fire and rescue crews responded to the blaze May 14 at 8:18 p.m. The first assistant chief said it took 6 to 7 hours to get the fire under control, and 4 to 5 more hours before it was out. He headed back May 15 with Pennsylvania State Police to get their first look inside the remains of the building and try to determine how the fire began. Rescue crews were at first uncertain whether anyone was trapped in the structure May 14. “There was nobody inside the building that we know of,” the assistant chief said May 15. The plant’s heavily damaged front half contained equipment worth several million dollars, the building’s owner said. American Biodiesel Energy converts used cooking oil into biodiesel. Source: http://www.goerie.com/apps/pbcs.dll/article?AID=2011305159890

• The opening of spillway floodgates forced thousands of residents of towns along the Mississippi River in Louisiana to evacuate their homes, which, along with 3 million acres of farmland, were in the path of hundreds of millions of gallons of water. (See item 62)

62. May 15, CNN – (Louisiana) Louisiana residents rush to protect homes, escape from looming floods. Residents of towns along the swollen Mississippi River May 15 packed up their valuables and made last-ditch efforts to place sandbags and makeshift levees outside their homes, trying to protect themselves and their homes from rising waters. These efforts occurred as the U.S. Army Corps of Engineers opened two additional gates on the Morganza spillway, located about 115 miles northwest of New Orleans, Louisiana. This is after opening the first two bays the previous day. The plan is to let out water from as many as one-fourth of the spillway’s 125 bays to spare the Louisiana cities of Baton Rouge and New Orleans from severe flooding, a Corps spokesman has said. But it may still affect nearly 4,000 people who live along the river, as it sends water toward homes and farmland in the Atchafalaya Basin, according to Louisiana’s governor. Some of the spillway’s gates will likely be open for weeks, and it will be at least that long before the river falls safely below flood stage and those who have evacuated can safely return, said the Corps’ New Orleans district commander. While the spillways will divert water away from Louisiana cities, low-lying central parts of the state will be flooded. Across the South and lower Midwest, floodwaters have already covered about 3 million acres of farmland, eroding for many farmers what could have been a profitable year for corn, wheat, rice and cotton, officials said. Source: http://articles.cnn.com/2011-05-15/us/flooding_1_flood-stage-corps-new-orleans-trailer-home?_s=PM:US


Banking and Finance Sector

14. May 16, Times of Trenton – (New Jersey) Cops: Pair had 180 fake credit cards, $13,000 in cash. Two California residents were apprehended by township police in Cinnaminson, New Jersey, May 14 after a traffic stop and pursuant warrant search yielded 180 counterfeit credit cards and more than $13,000 in cash, officials said. The two suspects were charged with possession of more than 50 counterfeit credit cards, two counts of credit card fraud, and one count of attempted credit card fraud. The duo was remanded to the Burlington County Jail, and their bail was set at $135,000 cash each, police said. Detectives later learned the suspects were staying at a Mount Laurel inn, and police there, along with officials from the U.S. Secret Service, executed a signed warrant on their rooms. The search yielded more evidence, and the investigation is ongoing. Source: http://www.nj.com/news/times/regional/index.ssf?/base/news-23/1305524716170150.xml&coll=5

15. May 15, Seattle Times – (Washington) Tacoma police, Army investigate fraud scam. The U.S. Army and Tacoma, Washington, police are investigating a fraud ring that last year allegedly bilked Army and Air Force Exchange Service stores out of about $500,000 in merchandise, and also hit other businesses that extend credit. Promoters of the scheme promised to reduce debt, persuading some 1,800 people, including dozens of soldiers, to participate. Those people allowed the promoters electronic access to their credit accounts to pay down bills. More than $3 million used to pay those debts was illegally diverted from a bank in Ohio, according to investigative documents and interviews with law-enforcement and bank officials. Now some of the soldiers who accepted the deal risk being charged as co-conspirators in crimes of wire fraud and larceny, according to investigative documents. At Joint Base Lewis-McChord in Washington State, 78 soldiers have come under scrutiny, according to the Army. At least 46 of those soldiers are facing disciplinary actions, including more than a dozen who were charged through the military judicial system. Pierce County prosecutors have yet to file any charges in the case. Source: http://seattletimes.nwsource.com/html/localnews/2015057423_debtfraud15m.html

16. May 14, Federal Bureau of Investigation – (Utah) Utah man indicted in fraudulent lien scheme. An indictment unsealed May 12 in federal court in Salt Lake City, Utah, charges a 53-year-old man from Ogden, Utah, with violations of federal law in connection with alleged schemes to obstruct justice, impede Internal Revenue Service (IRS) laws, pass fictitious documents purporting to be actual financial instruments, assert diplomatic immunity, and defraud others through the use of a fraudulent lien scheme. Ten counts of the indictment, which allege attempted mail fraud or mailings in furtherance of a scheme and artifice to defraud, relate to conduct that started with traffic stops in Ogden and continued through subsequent court proceedings in Weber County. The indictment alleges that in November 2010, the man mailed documents to the attention of various employees or entities of the State of Utah, Weber County, Ogden City, and the Ogden Police Department, which claimed the agencies contracted to pay more than $53 trillion in damages to the man. In an apparent effort to create an appearance of indebtedness, the man followed up by filing a lien against the various employees and entities falsely asserting they owed him more than $53 trillion. The lien was filed on 77 parcels located within Weber County, including municipal property and private residences associated with the employees and entities. The indictment also charges the man with obstructing justice in an effort to impede a matter in U.S. Tax Court by repeatedly filing false and frivolous documents involving the judge in an IRS case, and impeding internal revenue laws. Two counts of the indictment also allege he passed fictitious documents to the U.S. Department of Treasury. Source: http://7thspace.com/headlines/382428/utah_man_indicted_in_fraudulent_lien_scheme.html

17. May 13, Associated Press – (North Carolina) Greensboro man pleads guilty in $9 million scheme. Federal prosecutors said a Greensboro, North Carolina, man pleaded guilty May 13 to wire fraud and money laundering in a $9 million investment scheme. From 2006 to 2009, prosecutors said the man told investors their money would be invested in different businesses and that they would get their returns when his contracts expired, handing out promissory notes detailing due dates and interest rates. But prosecutors said the man instead used the cash to pay other investors, bought himself cars and trips and paid off a $1 million loan on his Bald Head Island, North Carolina, home. In all, prosecutors said he took more than $9 million from investors. He faces up to 30 years in prison when he is sentenced in August. Source: http://www.wral.com/news/state/story/9594547/

18. May 13, Washington Post – (District of Columbia) D.C. man guilty in bank robbery spree. A 64-year-old Washington, D.C. man pleaded guilty May 14 to robbing 11 banks in the city in a 16-month spree that ended with his arrest in March. The man, who typically claimed to have a gun or a pipe bomb but never showed a weapon, also admitted trying to rob a twelfth bank. Each of the dozen counts against him carries a possible sentence of 20 years in prison, authorities said. Beginning November 23, 2009, the convict robbed a half-dozen Chevy Chase Bank branches, three branches of PNC Bank, and one branch each of Capital One and SunTrust banks, the U.S. attorney’s office said. He also attempted to rob a fourth PNC branch. “In nearly a dozen bank robberies, this prolific bank robber netted just $22,000,” the U.S. attorney said. Source: http://www.washingtonpost.com/blogs/crime-scene/post/dc-man-guilty-in-bank-robbery-spree/2011/05/13/AFTDFt2G_blog.html

Information Technology

46. May 16, IDG News Service – (International) PlayStation Network, Qriocity back for most users. Basic services on the PlayStation Network and Qriocity services were switched on for users in North America, Europe, the Middle East, Australia, and New Zealand for the first time in more than 3 weeks, but users in Asia face a longer wait for service to resume. Sony pulled the plug on the two online services after discovering April 19 that its data center in San Diego, California, was attacked. A subsequent computer forensics investigation into the hack revealed the massive theft of personal information including user names, e-mail addresses, login IDs, and passwords. The PlayStation Network is a platform for online gaming, and a channel through which Sony sells games and other content to console and handheld owners. Qriocity is an online service for Sony’s networked consumer electronics products that offers music and video content. Service was resumed in North America late May 14 and in other markets May 15. PlayStation users were being asked to download a firmware update for the console before they can reconnect to the network. Then, upon login, users must change their password. The only issue in the resumption of services came in the password reset process, which was slowed because of the large number of e-mail messages generated by the system. Some e-mail and Internet service providers temporarily throttled messages from Sony due to the high volume resulting in short delays. Sony also halted the password reset process for 30 minutes to clear a backlog of messages. Source: http://www.computerworld.com/s/article/9216749/PlayStation_Network_Qriocity_back_for_most_users_

47. May 16, Softpedia – (International) Geek.com infects visitors with malware. Security researchers from cloud security provider Zscaler warn that technology Web site geek.com was compromised and many of its pages were executing drive-by download attacks against visitors. Geek.com is one of the oldest technology news Web sites. Attackers managed to inject rogue IFrames into different portions of the site, both within articles and the site’s main pages such as home, about us, etc. According to a senior security research engineer at Zscaler, there are multiple infections and the iframes take visitors to different malicious Web sites. One example is the rogue code injected into an article, which redirects visitors to an exploit kit. These kits perform various checks to determine what versions of certain programs users have installed on their computers and then serve exploits for vulnerabilities in those products. The most commonly used applications such as Java Runtime Environment, Flash Player, Adobe Reader, or the browser itself are usually targeted. Source: http://news.softpedia.com/news/Geek-com-Infects-Visitors-with-Malware-200476.shtml

48. May 13, Softpedia – (International) Google’s doodles exploited to distribute scareware. Scareware distributors are exploiting the search traffic generated by Google’s anniversary doodles to infect users with fake antivirus programs. Google habitually honors different individuals or celebrates various holidays by changing their logo with graphics drawn specifically for that occasion which are dubbed “doodles.” If the celebration has an international significance, Google changes the logo on all of its localized Web sites. When clicked, these doodles lead users to a Google search page for a set of keywords related to the event. For example, the week of May 9, Google replaced its logo with a doodle to honor an internationally recognized American modern dance legend. Clicking on the doodle took users to Google search results for the dancer, with the third entry on the page being a slide of image results from Google Images. According to security researchers from German antivirus vendor Avira, several of the images displayed in those search results were linking to malicious scareware pages. Clicking on them took users to Web sites displaying fake antivirus scans and distributing a rogue security application to help them clean fictitious infections found on their computers. Source: http://news.softpedia.com/news/Google-s-Doodles-Exploited-to-Distribute-Scareware-200389.shtml

49. May 13, H Security – (International) Backwards Unicode names hides malware and viruses. AV vendor Norman discovered malware that camouflages its file name via special Unicode characters. For instance, a file may show up as exe.importantdocument.doc in the e-mail client or in Windows Explorer. Hidden behind this file name, however, is an executable file that the system will still treat as such and launch when double-clicked. Norman’s virus analyst said this effect is caused by such Unicode characters as 0x202E (right-to-left override) and 0x202B (right-to-left embedding). When located in the right place, a file name such as cod.stnemucodtnatropmi.exe suddenly turns into some “important documents.” The telltale “exe” at the beginning can be hidden further. For instance, [RTLO]cod.yrammusevituc[LTRO]n1c[LTRO].exe turns into the seemingly harmless n1c.executivesummary.doc when displayed in Explorer, which is unlikely to raise suspicion. However, the system will still recognise the “.exe” file extension and treat the file accordingly. Source: http://www.h-online.com/security/news/item/Backwards-Unicode-names-hides-malware-and-viruses-1242114.html
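A defender-side check for the file-name camouflage described in item 49, as an added example that is not part of the original report or of Norman's analysis. It flags bidirectional control characters in a file name, shows them in bracket notation, and reports the extension the system will act on. The function names, the extension list, the three verdict labels and the sample names are assumptions made for illustration.

```python
# Explicit bidirectional embedding/override/isolate controls (Unicode names).
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
# Assumed list of extensions a Windows host runs on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def real_extension(name):
    """Extension in stored (logical) order, ignoring invisible bidi controls."""
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    dot = stripped.rfind(".")
    return stripped[dot:].lower() if dot > 0 else ""


def inspect_filename(name):
    """Return what an analyst needs: visible form, controls found, verdict."""
    found = [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name)
             if ch in BIDI_CONTROLS]
    visible = "".join(f"[{BIDI_CONTROLS[ch]}]" if ch in BIDI_CONTROLS else ch
                      for ch in name)
    ext = real_extension(name)
    if found and ext in EXECUTABLE_EXTS:
        verdict = "block"      # display order is manipulated and the file runs
    elif found:
        verdict = "review"     # reordering controls are unusual in attachments
    else:
        verdict = "ok"
    return {"visible": visible, "bidi_controls": found,
            "real_extension": ext, "verdict": verdict}


if __name__ == "__main__":
    # Constructed samples; the first uses the name quoted in item 49 with an
    # RLO prepended (placement assumed), which displays as a ".doc" file.
    samples = [
        "\u202ecod.stnemucodtnatropmi.exe",
        "importantdocument.doc",
        "summary\u202b.txt",
    ]
    for s in samples:
        r = inspect_filename(s)
        print(f"{r['verdict']:6} {r['real_extension']:5} {r['visible']}")
```

The check works on the stored character sequence, not on what a mail client or file manager renders, which is why the displayed ".doc" does not affect the reported extension.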

For another story, see item 51 below

Communications Sector

50. May 16, Twinsburg Bulletin – (Ohio) Dix websites’ ad server attacked by malware. The Web banner server on Dix Communications newspaper Web sites, including the www(dot)xxxx-xxxx.com, was attacked by a computer spyware virus earlier in May. The malware virus can download itself onto Windows-based computers, attempting to steal data. Users may have received a warning page generated by their browser software for a limited period on the afternoon of May 6. “Unfortunately, malicious attacks like this are too common on the Internet,” the president of the Internet Division of Dix said. “The virus was identified and removed promptly, but illustrates the risks prevalent on the Internet. Most people running PCs these days run updated anti-virus software on their personal computers, and their anti-virus software should have stopped this type of attack.” The FBI was contacted about the attack, and steps have been taken to further protect Dix Web sites and their users from future attacks. Dix said no data was breached on its servers during the attack. Source: http://www.twinsburgbulletin.com/news/article/5035287

51. May 13, IDG News Service – (International) Microsoft explains recent hosted e-mail outages. Microsoft offered some details about outages that recently plagued its hosted e-mail customers in the Americas. In a blog post May 12, Microsoft described four separate issues that occurred the week of May 9 that prevented or delayed e-mail delivery. The first started at 9:30 a.m. May 10 on the West Coast when “malformed e-mail traffic” stopped the e-mail service from working, despite a capability in the service designed to handle such traffic, the corporate vice president of Microsoft Online Service wrote. Microsoft isolated the problem traffic at noon, but customers faced total delays of 6 to 9 hours for e-mail delivery. A similar issue with malformed traffic hit at 9:10 a.m. and again at 11:35 a.m. May 12. The second issue resulted in the backup of 1.5 million messages waiting to be delivered. That meant some customers may have experienced e-mail delivery delays of as long as 3 hours, he said. The final incident happened the afternoon of May 12 with a Domain Name Service failure on the site that hosts Web access to Outlook in the Americas. The issue prevented users from accessing Outlook Web Access, and impacted some functions of Microsoft Outlook and Microsoft Exchange ActiveSync devices. That problem took about 4 hours to fix. Source: http://www.computerworld.com/s/article/9216697/Microsoft_explains_recent_hosted_e_mail_outages
