Tuesday, March 15, 2011

Complete DHS Daily Report for March 15, 2011

Daily Report

Top Stories

• Associated Press reports water levels dropped precipitously inside a nuclear reactor in Japan March 14, twice leaving the uranium fuel rods completely exposed and raising the threat of a meltdown. (See item 12)

12. March 14, Associated Press – (International) Meltdown threat rises at Japanese nuclear plant. Water levels dropped precipitously inside a nuclear reactor at the Fukushima Dai-ichi plant in Japan March 14, twice leaving the uranium fuel rods completely exposed and raising the threat of a meltdown, hours after a hydrogen explosion tore through the building housing a different reactor. Water levels were restored after the first decrease, but the rods remained partially exposed late March 14, increasing the risk of the spread of radiation and the potential for an eventual meltdown. A top Japanese official said the fuel rods in all three of the most troubled nuclear reactors appeared to be melting. Of all these troubles, the drop in water levels at Unit 2 had officials the most worried. “Units 1 and 3 are at least somewhat stabilized for the time being,” said a nuclear and industrial agency official. “Unit 2 now requires all our effort and attention.” Workers managed to raise water levels after the second drop, but they began falling for a third time, according to a nuclear agency official. They are now considering spraying water directly on the container to cool it. In some ways, the explosion at Unit 3 was not as dire as it might seem. The blast actually lessened pressure building inside the troubled reactor, and officials said the containment shell had not been damaged. In addition, officials said radiation levels remained within legal limits. A similar hydrogen blast destroyed the housing around the complex’s Unit 1 reactor March 12, leaving the shell intact but resulting in the mass evacuation of more than 185,000 people from the area. Source: http://www.katv.com/Global/story.asp?S=14248009

• According to ABC News, 15 people died after a horrific tour bus crash on a New York City highway that authorities believe may have been caused by speeding. (See item 25)

25. March 14, ABC News – (New York) New York tour bus crash claims 15th victim. A fifteenth victim died March 14 after a horrific tour bus crash on a New York City, New York highway March 12. The 70-year-old man died from his injuries at about 7:30 a.m., police said. Several more injured passengers remain hospitalized, most in critical condition. While an exact cause is still under investigation, authorities believe the accident may have been caused by the bus driver speeding rather than, as he told police, a tractor trailer clipping the bus. Several witnesses told authorities that the bus traveling a high rates of speed, south on Interstate 95 before it flipped on its side, skidded 100 yards along a guard rail and struck a pole, which sliced the discount tour bus nearly in half at the passenger seat level. In a statement March 14, a U.S. Senator and Congresswoman from New York called on the National Transportation Safety Board to investigate the safety regulations of discount tour buses. “The low-cost intercity bus travel industry along the Northeast corridor has expanded rapidly in recent years and it appears safety regulations haven’t kept pace,” the Congresswoman said in the statement. The board has previously pushed for tougher regulations on driver fatigue. Source: http://abcnews.go.com/US/15th-victim-dead-tour-bus-crash-york/story?id=13132219&page=1

Details

Banking and Finance Sector

18. March 12, Associated Press – (International) Ind. AG: Donate responsibly to earthquake relief. Indiana’s attorney general advised people wanting to give money for Japanese earthquake relief to check out the charities carefully. He warned scam artists might try to solicit donations. He urged potential donors to use the Web site www.CharityNavigator.org to check whether a charity uses donations for intended purposes. He suggested donating to established organizations with strong track records of providing disaster relief. He also said donors should initiate the donation themselves rather than responding to online or telephone solicitations. Donors should look for “https” in the organization’s Web address to confirm an online donation site is secure. He said many new and untested relief groups solicited donations online and by e-mail after the Haiti earthquake in 2010. Source: http://www.chicagotribune.com/news/local/chi-ap-in-earthquakerelief-,0,4744271.story

19. March 12, Softpedia – (Florida; National) Phishers start targeting regional credit unions. Security researchers warn phishers are becoming more focused in their attacks and have begun targeting regional credit unions. Traditionally phishers have targeted large financial institutions to reach the highest number of potential victims. However, people tend to be less suspicious of e-mails received from smaller, obscure institution. It appears phishers are catching on researchers from messaging security vendor AppRiver noted, citing a recent campaign targeting members of the Grow Financial Credit Union in Tampa Bay, Florida. The rogue e-mails pose as security alerts warning recipients their accounts have possibly been compromised. In order to restore access, users are asked to complete a form attached to the e-mail. The attachment displays a clone of the Grow Financial Web site with a form to input account number and password, as well as credit card details. The use of attachments for phishing is not a new technique, but not a traditional one either. It appears to have become more common during the past year. “Since most people are very cautious of clicking links in e-mails, perhaps the cybercriminals feel that delivering the entire Web page will increase the perceived legitimacy of the message,” an AppRiver researcher explained. Source: http://news.softpedia.com/news/Phishers-Start-Targeting-Regional-Credit-Unions-189189.shtml

20. March 12, Willoughby News-Herald – (Ohio) Duo sought in connection with area bank robberies. A recent rash of robberies in the Cleveland, Ohio area have kept authorities on their toes with their eyes peeled. An FBI Special Agent said the city has taken the brunt of the recent wave, but Lake County hasn’t been immune as the county has already seen four bank robberies since the first of the year. As a reference point, the county had just one bank robbery in 2010 — at a Willoughby bank that did not happen until late December. Since then, robberies have taken place at three more Willoughby banks and one Mentor bank. An FBI spokesman said three of those robberies were likely conducted by a duo that has been hitting banks throughout the area over the past few months. “We know it’s a couple of guys working together,” he said. “They’re hitting us pretty hard all around the Cleveland area.” He said the duo is likely responsible for a majority of the 19 bank robberies so far in 2011 in Cuyahoga County, including the robberies of 2 Euclid banks in a matter of minutes February 7. Source: http://news-herald.com/articles/2011/03/12/news/nh3749933.txt?viewmode=fullstory

21. March 11, Nothern Valley Suburbanite – (New Jersey; New York) Tenafly police looking for suspect in ATM fraud. Detectives are looking for a man they allege placed a skimming device on an ATM at a Bank of America branch in Tenafly, New Jersey, February 21. A police captain said the suspect was recorded by surveillance equipment placing the device on the machine at 1:44 p.m. and retrieving it 2 hours later. A police spokesman said such devices are used to mine information about ATM users and then obtain money fraudulently from cash machines. He said that customers who used the Tenafly machine have reported a total of $4,000 has been stolen from their accounts so far. The captain said the fraudulent transactions were in Teterboro, Hackensack, and New York City. They took place February 26, 27, and 28. Source: http://www.northjersey.com/news/117802428_Tenafly_police_looking_for_suspect_in_ATM_fraud.html

22. March 11, Beverly Hills Courier – (California) Disbarred attorney charged in $9.5 mil. investment scam. A disbarred attorney from Beverly Hills, California, was set to be arraigned March 14 on charges he conned at least 10 victims out of more than $9.5 million by promising huge profits from phony investments in oil ventures. The man allegedly solicited funds from investors who were told their money would be put into various oil companies and oil-related ventures in Oklahoma and California. Claiming investments would be made in various companies, he promised substantial returns, according to the indictment. The indictment alleges that instead of using investors’ money for the oil ventures, the man and his then-wife spent the cash for their own personal use, including the purchase of a Beverly Hills home and an interest in the now-closed Prego restaurant, also in Beverly Hills. Federal prosecutors further allege the suspect failed to tell victims he had previously been convicted of mail fraud; that he had been disbarred from the practice of law by Nevada; and that a federal judge in Texas had ordered him and Westar Oil to stop violating securities law and to pay $3 million in penalties to settle a lawsuit filed by the Securities and Exchange Commission. Source: http://www.bhcourier.com/article/Local_News/Local_News/Disbarred_Attorney_Charged_in_95_Mil_Investment_Scam/75086

23. March 11, KXRM 21 Colorado Springs – (Colorado) Men who allegedly robbed 8 banks arrested. Police in Colorado Springs, Colorado, arrested two men they said are responsible for eight robberies in the city since December 28. Police arrested a 30-year-old and a 28-year-old March 8, shortly after the two allegedly robbed Air Academy Credit Union. The duo had a system where one would go into a bank with a gun demanding money, while the other waited in a getaway car. The robbery unit, tactical enforcement unit, and FBI officers investigated throughout the 10-week robbery period. They found critical evidence March 3. Investigators recognized the Air Academy robbery as part of the pattern. They responded to the 2100 block of Collier Avenue, where the suspects were seen leaving in two separate cars. Police pulled them over in separate locations and found more evidence, including large amounts of cash. Police also found weapons in a garage in the 1000 block of E. Rio Grande Street. The garage belongs to a relative of one of the men, and detectives found four semi-automatic guns and hundreds of rounds of ammunition. The two were co-workers and workout partners. Source: http://www.coloradoconnection.com/news/story.aspx?id=591861

Information Technology

52. March 14, IDG News Service – (International) Taiwanese semiconductor firms face supply shortages in Japan. Taiwan’s major semiconductor manufacturers, a crucial link in the global tech supply chain, scrambled March 14 to gauge how their access to raw materials from Japanese suppliers will be affected by the powerful earthquake in Japan. United Microelectronics, ProMOS Technologies, and other companies said they were unsure how long inventories of wafer stock such as silicon would last and how disruptions in transportation or power following the quake on will upset supplies. Most can get by for 1 to 2 months, analysts believe. Japan supplies an estimated 50 percent of raw 12-inch wafers and 30 percent of raw 8-inch wafers to Taiwan. Any halt in supplies would likely raise prices paid by semiconductor customers such as Apple, and ultimately by buyers of PCs, smartphones, and electronic gadgetry. Source: http://www.computerworld.com/s/article/9214438/Taiwanese_semiconductor_firms_face_supply_shortages_in_Japan

53. March 14, Help Net Security – (International) Spoofed reported attack pages lead to ransomware. A recent malicious campaign spotted by GFI researchers uses a variation of spoofed reported attack pages, which spurs users to install an “update” for Internet Explorer. The offered update is fake and the downloaded code actually locks the user out of his/her PC and plasters a warning across the the screen telling him/her that 19 “unlicensed software, movies and music” files have been found on the computer, along with “materials with pornographic content (including homosexual content pornography).” While threatening to send the “evidence” to the police, the scammers offer the user a way out by calling a phone number and paying a ransom fee. Source: http://www.net-security.org/malware_news.php?id=1667

54. March 12, IDG News Service – (International) New attacks leverage unpatched IE flaw, Microsoft warns. An Internet Explorer flaw made public 2 months ago is now being used in online attacks. The flaw, which has not yet been patched, has been used in “limited, targeted attacks,” Microsoft said March 11 in an update to its security advisory on the issue. Google concurred, and offered a few more details. “We’ve noticed some highly targeted and apparently politically motivated attacks against our users,” Google said in blog post. “We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site.” The attack is triggered when the victim is tricked into visiting a maliciously encoded Web page — a Web drive-by attack. It gives the attacker a way of hijacking the victims browser and accessing Web applications without authorization. The flaw lies in the Windows MHTML (Mime HTML) parsing software used by Internet Explorer, and affects all currently supported versions of Windows. It was disclosed on the Full Disclosure mailing list in January. Microsoft has released a Fixit tool that users can download to repair the problem, but has not said when, or even if, it plans to push out a comprehensive security update to all users. Source: http://www.computerworld.com/s/article/9214259/New_attacks_leverage_unpatched_IE_flaw_Microsoft_warns

55. March 11, Reuters – (International) 4-Japan quake hits Toshiba chip plant, shipments. Japan’s biggest-ever earthquake halted production briefly at Toshiba’s chip plants March 11 and could delay crucial shipments, although partner SanDisk said output losses were minor. Toshiba Corp. and SanDisk share cutting-edge facilities in Yokkaichi, where they make NAND chips increasingly in demand by Apple and other mobile device makers. A SanDisk spokesman told Reuters some silicon wafers in the delicate manufacturing process had been spoiled, while Toshiba warned of delivery delays due to problems with road, rail, and other transportation. Japan is a major electronics manufacturer, accounting for 14 percent of the global production of computers, consumer electronics, and communications gear in 2010, according to IHS iSuppli. Source: http://www.reuters.com/article/2011/03/12/japan-quake-electronics-idUSN1121658420110312

56. March 11, Softpedia – (International) SpyEye now capable of launching DDoS attacks. The SpyEye banking trojan has been updated with distributed denial-of-service (DDoS) functionality and is being used to attack a command and control (C&C) blacklisting project. According to experts from RSA FraudAction Research Lab, the new DDoS plug-in was added to SpyEye v.1.3.10 specifically to attack abuse.ch. Abuse.ch is a project created by a Swiss security researcher several years ago to track C&C servers for the most prevalent botnets. The effort started with ZeuS Tracker and expanded with SpyEye tracker and more recently Palevo Tracker. All of these services track C&Cs in real time using a variety of techniques and they provide useful data for ISPs and companies who use it to block the offending IPs at network level. According to an independent security journalist, the abuse.ch trackers are so effective that high profile SpyEye botnet masters have recently began brainstorming to find methods to destroy them or at least throw them off track, including DDoS and credibility attacks, both of which are to be executed with the help of SpyEye botnets. The latest SpyEye variants come with a DDoS plug-in and specify legitimate Web sites as backup C&Cs in their configuration files. Source: http://news.softpedia.com/news/SpyEye-Now-Capable-of-Launching-DDoS-Attacks-189186.shtml

57. March 11, Computerworld – (International) Microsoft: No Pwn2Own bug in IE9. On March 10 Microsoft said its Internet Explorer 9 (IE9) does not contain the bug exploited the week of March 6 by an Irish researcher at the Pwn2Own hacking contest. But while IE9 is not vulnerable to attacks using the same Pwn2Own exploit, up to 99 percent of IE’s users may be at risk. A researcher from Harmony Security chained three exploits to hack the older IE8 March 9. Shortly after the hacking success, Microsoft said it had the vulnerabilities in hand and had started investigating. IE9, however, will not need a patch. “The vulnerability was addressed in the RC [release candidate] and RTM [release to the Web] versions of Internet Explorer 9,” said a group manager with the Microsoft Security Response Center. “This update is already in the pipe for down level-versions of Internet Explorer.” Microsoft launched IE9 RC a month ago, and planned to make IE9 RTW available for download March 14. But because IE9 has such a small share of the browser market, the overwhelming majority of IE users will have to wait for a patch aimed at the older versions. According to the latest statistics from Web metrics company Net Applications, IE6, IE7, and IE8 make up 99 percent of all versions of Internet Explorer in use. Although the Microsoft spokesman said that a fix is “already in the pipe,” Microsoft declined to specify a patching timetable. Source: http://www.computerworld.com/s/article/9214210/Microsoft_No_Pwn2Own_bug_in_IE9

Communications Sector

58. March 14, Wall Street Journal – (International) Rush to fix quake-damaged undersea cables. Asia’s major telecom operators scrambled March 14 to eliminate the impact on their operations from damage to several submarine cables following the massive earthquake and tsunami in Japan. Many operators were reporting some disruptions in Internet access, though the partial restoration of service was accomplished by rerouting traffic over undamaged cables and via satellites. About half of the existing cables running across the Pacific are damaged and “a lot of people are feeling a little bit of slowing down of Internet traffic going to the United States,” the chief executive of Hong Kong-based cable-network operator Pacnet said. He declined to name the damaged cables operated by other companies, but said Pacnet’s cable system connecting Japan to the U.S. is not damaged so far. Most international Internet-data and voice phone calls are transmitted as pulses of light via the hundreds of undersea fiber-optic cables. The cables, which can cost hundreds of millions of dollars, are typically owned by consortia of telecom companies, who share costs and capacity. While the clusters of glass fibers are enclosed in protective material, they remain vulnerable to undersea earthquakes, fishing trawlers, and ship anchors. There are also many choke points around the globe, where a number of cables converge. While the extent of the damage to undersea cables is unclear and financial losses unknown, operators said they are undergoing an inspection and looking to expedite restoration. Source: http://online.wsj.com/article/SB10001424052748704893604576199952421569210.html?mod=WSJ_Tech_LEFTTopNews