Friday, October 21, 2011

Complete DHS Daily Report for October 21, 2011

Daily Report

Top Stories

• Some 70,000 bridges nationwide, including 215 in the Washington D.C. area, have been rated structurally deficient by federal, state, and local agencies, a new report said. – Washington Post (See item 14)

14. October 19, Washington Post – (District of Columbia; National) Key Bridge, 14th St. Bridge among 215 area bridges rated structurally deficient. Some 215 bridges in the Washington, D.C. region are structurally deficient, including three of the five major bridges that cross the Potomac into Washington, according to a report released October 19. The group Transportation for America said the Key Bridge, the Memorial Bridge, and the 14th Street Bridge all need immediate repair. More than 215,000 vehicles cross them on an average day. The 14th Street Bridge is scheduled to undergo a complete overhaul in the next 4 years. The area bridges were among 70,000 nationwide rated structurally deficient by federal, state, and local agencies. That rating means they need substantial repair or replacement. Transportation for America, a coalition of groups focused on national transportation policy, compiled its report from 2009 Federal Highway Administration (FHWA) data, the most recent available. The FHWA explained that bridges are considered structurally deficient if significant load-carrying elements need repair. Rating a bridge deficient does not imply it is likely to collapse or is unsafe, but that it might need closer monitoring or more frequent inspections. The District had the region’s oldest bridges, with an average age of 57 years, and 30 of them were in structural trouble, 12.3 percent of the total. Pittsburgh, which sits at the confluence of three rivers, had more deficient bridges than any other metropolitan area. About 30 percent of its bridges were bad. Oklahoma City topped the list of areas under 2 million people, with almost 20 percent of its bridges rated deficient, and Tulsa, Oklahoma ranked first in the under 1 million population category with close to 28 percent of its bridges in need of immediate repair. Source:

• More than half of Virginia's high-hazard dams do not meet minimum state safety requirements, according to a new report by the Virginia Department of Recreation and Conservation. – Staunton News Leader (See item 50)

50. October 19, Staunton News Leader – (Virginia) It's a dam hazard in Augusta County. More than half of Virginia's high-hazard dams do not meet minimum state safety requirements, said a new report by the Virginia Department of Recreation and Conservation (VDRC). It said that out of 13 high hazard dams in Augusta County, 5 do not meet the standard, putting 378 residents at risk. Upgrades to two dams is in the design phase and will cost millions. The Augusta County Service Authority is responsible for the costlier of the projects, an upgrade to Coles Run Dam. It is expected to cost $4.5 million. The authority hopes to start construction next summer. Currently, 81 percent of significant hazard dams in Virginia, those that would possibly result in loss of life and significant property damage, do not meet state requirements, the report said. "Because these [projects] are very expensive and a lot of the dam owners did not have the funds, for years we were sort of automatically renewing their conditional operation certificates," said a VDRC spokesman. If dam owners do not get under compliance with the state regulation, the department can take its own action, such as draining a lake, and then charge the dam operator for the cost, the spokesman said. Source:


Banking and Finance Sector

10. October 20, Pittsburgh Post-Gazette – (Pennsylvania) FBI: Bethel Park latest target for serial bank robber. A man investigators believe is responsible for two bank robberies in the past week struck again October 19, this time hitting a First Niagara Bank in Bethel Park, Pennsylvania, according to the FBI. A special agent with the FBI said the bank, on the 4000 block of Library Road, was robbed at around 9:15 a.m. Based on surveillance photos, the agency believes the same man robbed a Citizens Bank in McCandless October 14, and another branch of the same bank in Fox Chapel October 17. In each of the cases, the man handed a teller a note demanding money and told them he had a weapon, though none has been seen. The tellers complied and he made off with the cash in a small, light-colored SUV. Source:

11. October 19, City News Service – (California) Well-Dressed Bandit arrested; suspect in 10 bank robberies. A man suspected of committing 10 bank robberies in the San Diego-area — and dressing up for the occasions — was arrested October 19, authorities reported. He was taken into custody in the 5500 block of Friars Road in Mission Valley about 6:45 a.m., according to the FBI. He allegedly is responsible for a 16-month spree of heists committed by a thief nicknamed the "Well-Dressed Bandit'' by investigators due to his tendency to wear a dark suit, leather jacket, or scarf during his crimes. During the most recent robbery, the thief tried to simulate a concealed gun by holding his hand stiffly in his jacket pocket, the FBI said. A witness saw him fleeing the scene of that crime in a black Lexus or Mercedes-Benz and was able to take down a partial license plate number. He was being held without bail in county jail and was expected to make his initial appearance before a federal judge October 21. Source:

12. October 19, U.S. Commodity Futures Trading Commission – (California; Nevada) CFTC obtains permanent injunction against California resident Scott Bottolfson and his two companies for defrauding customers in multi-million dollar commodity pool Ponzi scheme. The U.S. Commodity Futures Trading Commission (CFTC) October 19 announced a federal judge entered a consent order of permanent injunction against a man and Spirit Investments, Inc. (Spirit), both of Encinitas, California, and Increase Investments, Inc. (Increase) of Reno, Nevada, requiring them jointly and severally to pay a civil monetary penalty of $6,813,462.51. The order also imposes permanent trading and registration bans against the defendants. The court’s order stems from a CFTC enforcement action filed January 7, that charged the man, Spirit, and Increase with operating a $14 million commodity pool Ponzi scheme, and misappropriating $11 million of customer funds from at least 2002 through 2010. The order found the man solicited pool participants to trade commodity futures in two commodity pools, through his companies, Increase and Spirit. He solicited about $14 million from participants to be traded in the pools, but instead of trading pool participant funds as promised, he deposited only about $2.97 million into trading accounts. The remaining $11.03 million was deposited into his personal accounts and used for his personal expenses, to make so-called profit payments to participants, as is typical of a Ponzi scheme, or was otherwise misappropriated. Of the $2.97 million deposited into trading accounts, he lost about $845,000 trading, the order said. On February 11, judgment was entered against the man in the criminal case, finding him guilty of wire fraud. He received a 60-month jail sentence, and was ordered to pay $6,813,462.51 in restitution. Source:

13. October 19, Tulsa World – (National) Ex-SemGroup CEO settles in SEC suit. The co-founder and former chief executive officer (CEO) SemGroup LP (SGLP) agreed October 18 to pay $225,000 in fines and give up $1.2 million worth of stock to settle a U.S. Securities and Exchange Commission's (SEC) civil lawsuit accusing him of misleading investors for his own gain amid the Tulsa, Oklahoma-based energy company's financial collapse in 2008. The former CEO's consent does not admit any wrongdoing or denial of the federal allegations, which included misrepresentation of SemGroup's dire financial situation while encouraging investors in subsidiary SemGroup Energy Partners LP in 2007 and 2008. The subsidiary touted its "stable and predictable revenues" from throughput and terminal agreements with the parent SemGroup worth more than $100 million annually. The former CEO's oil futures trading strategy, however, led to $2.7 billion in realized losses by July 2008, days before SGLP's stock tumbled 50 percent. "[He] should have known that SemGroup was not successfully managing commodity price risk ... He also should have known that more complete disclosure of these risks would be material to SGLP investors," the SEC filing stated. The former CEO, who was fired in October 2008, also will have to give up 150,000 units in the former SGLP, now called Blueknight Energy Partners. The company's oil futures trading strategy, guided by the former CEO, historically was profitable, but rising oil prices overwhelmed the strategy and increased SemGroup's net derivative liabilities to $2.9 billion by May 2008, according to the federal filing. The former CEO sold SemGroup's trading book on the New York Mercantile Exchange to Barclay's around July 10. The move forced SemGroup to realize $2.7 billion in market-to-market losses. Still, most of SGLP's investors knew nothing about the parent company's pending financial fall until July 17, when the value of units dropped from $22.80 to $11 in one day. Source:

Information Technology Sector

36. October 20, Softpedia – (International) Flash vulnerability allows website admins to spy on visitors. A computer science student from Stanford University discovered a flaw in Adobe Flash that would allow a Web site administrator to remotely and silently turn on a visitor’s Web cam and microphone, Softpedia reported October 20. According to the student, the trick works in all versions of Flash in most Mac browsers. Windows and Linux browsers are not susceptible, probably because of a CSS bug, but he believes an adaptation would not be too difficult to accomplish. It looks as if this click-jacking method has been used before, but since Adobe added a framebusting JavaScript code, the whole thing appeared to be fixed. The old method relied on inserting the Adobe Flash Settings Manager page into an invisible iframe, masking it with a game or something that would urge users to click. The student managed to bypass this restriction by putting only the SWF file into an iframe, instead of the whole settings page. Source:

37. October 19, H Security – (International) Oracle fixes 77 vulnerabilities, including Java and database holes. Oracle released two Critical Patch Update advisories, H Security reported October 19. One of the advisories describes 20 security holes in the Java Runtime Environment. The other deals with a collection of 57 holes in such traditional Oracle products as the company's database and middleware solutions, and in Oracle Linux 5. Since some holes were rated critical, Oracle recommended users install the updates as soon as possible. Five of the Java holes alone were given the maximum CVSSv2 score of 10.0. Things were not quite as dramatic with the classical Oracle products, where only one Solaris hole in the LDAP service was in the top range at 9.3. Source:

38. October 19, SC Magazine – (International) New Mac malware variant disables OS X defenses. Malware authors updated a Mac trojan to disable the anti-malware protection Apple built into its OS X platform, researchers warned. A new variant of the so-called "Flashback" backdoor trojan, dubbed Flashback.C, attempts to disable the automatic updater component of XProtect, the built-in Mac OS X anti-malware application, researchers at anti-virus firm F-Secure said in a blog post October 19. Like earlier variants, the malware masquerades as an update to Adobe Flash Player, and to be installed requires users to enter their administrator password. Researchers do not know how many users have been infected with the latest variant of Flashback, discovered October 17, but the number is believed to be “very small,” the chief research officer at F-Secure, told Source:

For more stories, see items 39 and 40 below in the Information Technology Sector

Communications Sector

39. October 20, Fremont Tribune – (Nebraska) Internet, long distance service out in 43 communities. A construction crew damaged a Great Plain Communication fiber line, resulting in a loss of Internet access to 43 communities across Nebraska, Great Plains Communications announced October 20. Incoming long distance telephone calls may also be affected in some communities. Area communities affected by the outage include Dodge, North Bend, Scribner, and Herman. The cable was buried more than 6 feet underground. Construction crews typically locate and avoid buried cable, but a Great Plains news release said it was unclear how the line was missed. "Great Plains Communications is working to reconnect the damaged line and expects to have the problem fixed shortly," the release said. The company is also working to re-route Internet traffic on its redundant fiber ring. Source:

40. October 20, Laurinburg Exchange – (North Carolina) Internet down again. More than 6,000 AT&T customers in the Laurinburg, North Carolina-area were without Internet service October 19. The outage, which began around 2 p.m., follows a similar disruption October 17. That outage began around the same time and was not fixed until well into the evening. Representatives with AT&T customer service said they were unable to comment on the cause of the outages. They did say service could be restored within hours or as late as midnight October 20. Outages have not been limited to the downtown area. A number of medical offices near the hospital have been similarly affected. Source:

41. October 19, KDRV 12 Medford – (Oregon) Klamath County working on 911 outage. The Klamath Emergency Communications District in Oregon reported a 911 emergency outage October 19. A little after 9 a.m. October 19, CenturyLink experienced a fiber cut 2.4 miles outside of Merrill. The cut affected the ability to call out of the areas of Merrill, Malin, Lakeview, Bonanza, and Chiloquin areas, which has affected the ability to call 911. The Klamath 911 Communications District said they rerouted the 911 lines to be answered by local emergency responders. As of the afternoon of October 19, they did not have an estimated repair time. Source: