Thursday, May 31, 2012

Complete DHS Daily Report for May 31, 2012

Daily Report

Top Stories

• Softball-size hailstones and high winds swept across Oklahoma May 28-29, causing about 100,000 people to lose power, downing numerous power lines, and closing many roads. – Oklahoma City Oklahoman

1. May 30, Oklahoma City Oklahoman – (Oklahoma) Severe storms graze swath across Oklahoma over two days. Softball-size hailstones and high winds left evidence of severe storms that swept across Oklahoma May 28-29, with property damage stretching from Lawton to Grove and at least three people reporting injuries. Nearly 100,000 people lost power in the Oklahoma City metro area. Downed power lines caused traffic snags, and high water trapped some people in vehicles. An Oklahoma City Police lieutenant and the Oklahoma City Fire Department deputy chief confirmed downed power lines and reports of hail damage and broken windows, especially in northern and northwest Oklahoma City. The deputy chief also reported “21 power line incidents.” Downed power lines also caused traffic problems at intersections. Source:

• Government filings revealed the San Onofre nuclear power plant in San Diego County operated for decades with equipment that might have temporarily severed the plant’s emergency power supply in the event of an earthquake. – Associated Press

11. May 30, Associated Press – (California) Filings reveal more trouble at San Onofre power plant. The San Onofre nuclear power plant in San Diego County, California, operated for decades with equipment that might have temporarily severed the plant’s emergency power supply in the event of an earthquake, government filings revealed May 29. The company disabled the equipment — a vibration sensor — and reported the power issue to federal regulators as “an unanalyzed condition that significantly degraded plant safety.” Edison said other back-up systems were in place during that time. At issue is a vibration sensor in use since 1981 on emergency diesel generators. Engineers found the sensor — designed to protect components inside the generators during operation — might incorrectly stop them during an earthquake. Source:

• Owners of two Caribbean timeshares bilked 1,200 investors out of $163 million in a 5-year Ponzi scheme, the U.S. Securities and Exchange Commission said. – Courthouse News Service. See item 16 below in the Banking and Finance Sector.

• South Carolina emergency officials announced big changes in hurricane storm coverage that includes much larger evacuation zones and earlier evacuation orders in the Myrtle Beach area. – Myrtle Beach Sun News

47. May 30, Myrtle Beach Sun News – (South Carolina) Study brings big change to Myrtle Beach-area hurricane evacuation plans. May 30, South Carolina emergency officials rolled out a substantial change in hurricane storm coverage that includes much larger evacuation zones and earlier evacuation orders in the Myrtle Beach-area. Using the latest technology, officials with the Federal Emergency Management Agency and the U.S. Army Corps of Engineers looked at all the issues that would result with a hurricane making impact in the State, the behavior of residents during a storm, the topography of the area and storm surge impacts, and how long it would take to evacuate residents and tourists. Officials will call for evacuations based on a formula that calculates the strength of the storm, the predicted storm surge, and where it could make landfall. Due to population increases, a new zoning system was also established. Since Hurricane Hugo in 1989, Horry County’s population has gone from 144,000 in 1990 to 269,300 according to the 2010 census. Carolina Forest shot up 506 percent between 2000 and 2010. Where once the Intracoastal Waterway served as a line of demarcation between coastal danger and inland safety, new storm surge models showed that areas of Horry and Georgetown counties that had never been under a mandatory evacuation order could be impacted by rising waters and should be evacuated. To ensure residents are aware of what zone they live in and what actions they need to take before a storm threatens, officials are planning several community events. Also under the new system, the governor will no longer issue voluntary evacuation orders; only a mandatory evacuation order will be issued by the governor. Source:

• Six people were shot in Seattle May 30. Two were killed and three wounded at a cafe, and a third person was killed in a separate shooting minutes later, police said. – MSNBC

59. May 30, MSNBC – (Washington) Gun violence in Seattle leaves at least three dead, three wounded. At least three people were killed and three others wounded in two separate shootings minutes apart in Seattle, May 30, police said. Police confirmed that two male victims were dead in a shooting at a north Seattle cafe. Two more men and a woman were taken to the hospital. The shooting occurred at the Cafe Racer in a commercial district near the University of Washington campus. Roosevelt High School, four blocks from the incident, was on lockdown as police looked for a suspect. About a half hour later, some 5 miles to the south, a woman was shot several times during what police said was a carjacking at a parking lot next to town hall. Police found the car and a handgun miles away in a residential neighborhood. Suspects in both shootings were still at large as of late afternoon that day. Source:

• Heavy rains in the St. Paul and Minneapolis, Minnesota areas led the U.S. Army Corps of Engineers to close three locks and dams on the Mississippi River to recreational boaters for at least 1 week. – Minnesota Public Radio

62. May 29, Minnesota Public Radio – (Minnesota) Heavy rain closes Mississippi River locks. Heavy rains in the St. Paul and Minneapolis, Minnesota, areas led the U.S. Army Corps of Engineers to close three Minneapolis locks and dams on the Mississippi River to recreational boaters May 29. A spokeswoman said the locks and dams close when the water flow is greater than 30,000 cubic feet per second. The closures included Upper and Lower St. Anthony Falls locks and dams, and the Ford Dam. Closure will likely last for at least a week or longer if the rain continues. Source:


Banking and Finance Sector

13. May 30, Associated Press – (International) US levies new sanctions on key Syrian bank. The U.S. Department of the Treasury levied sanctions on a key Syrian bank as it seeks to ratchet up economic pressure on the Syrian president’s regime, the Associated Press reported May 30. Treasury said the Syria International Islamic Bank (SIIB) was acting as a front for other Syrian financial institutions seeking to circumvent sanctions. The new penalties prohibit the SIIB from engaging in financial transactions in the United States and freeze any assets under U.S. jurisdiction. The tightened sanctions come as the United States grapples for ways to quell deadly violence in Syria and spur a political transition. Treasury said it will also host a meeting in Washington, D.C., the week of June 4 of the Friends of Syria working group on sanctions. The meeting, co-chaired by the United States, Turkey, and Qatar, will focus on ways to strengthen sanctions against the Syrian president’s regime. Source:

14. May 30, Associated Press – (North Dakota) Former Dickinson bank officer to plead guilty to fraud today. A former trust officer at a Dickinson, North Dakota bank was scheduled to plead guilty to conspiracy to commit bank fraud May 30. The trust officer is accused of plotting with her husband to steal almost $750,000 from five clients at the Bank of the West. Federal court documents said most of the money was funneled to the officer’s sister and nephew. Court records said she also conspired to take over one client’s mineral interests in four western North Dakota counties. The officer is accused of stealing more than $130,000 from her. She has reached a plea agreement with prosecutors and is scheduled to plead guilty in federal court in Bismarck. Her husband has already pleaded guilty. Source:

15. May 30, Government Security News – (National; International) Romanian extradited in computer scheme that allegedly stole credit card info at U.S. cash registers. A Romanian man was extradited to the United States to face charges that he was part of a fraud ring that allegedly electronically accessed as many as 80,000 credit cards while they were being used at cash registers across the country, Government Security News reported May 30. The charges allege the man participated in a scheme to remotely steal payment card data from hundreds of U.S. merchants’ “point of sale” (POS) computer systems. An indictment handed down in December 2011 charged the man and three other Romanian nationals ran the computer fraud conspiracy. Federal authorities allege that between 2008 and May 2011, the men conspired to remotely hack into more than 200 U.S.-based POS systems at stores across the U.S. to steal credit, debit, and gift card numbers and associated data. Merchant victims included more than 150 Subway restaurant franchises, the U.S. Department of Justice said. According to the indictment, millions of dollars of unauthorized purchases have been made using the compromised data. Source:

16. May 29, Courthouse News Service – (National; International) Ponzis just kept on growing, SEC says. Owners of two Caribbean timeshares bilked 1,200 investors out of $163 million in a 5-year Ponzi scheme that netted them $58.9 million in commissions, the U.S. Securities and Exchange Commission (SEC) claimed in a May 24 complaint. Two men, through their company Net Worth Solutions, paid themselves “exorbitant undisclosed sales commissions” from sales of securities for two resorts in the Dominican Republic, the SEC claimed. Investors were told their returns were guaranteed; however, “only a very small percentage of investor funds were actually used to renovate and construct the properties,” the SEC said. Instead, defendants skimmed undisclosed commissions and used new money to pay off earlier investors. One of the men founded “a series of multi-level marketing entities that sold investments in the second man’s resorts,” the complaint said. The first man and his father bought the Cofresi resort in the Dominican Republic in 2003. EMI Sun Village Inc., which owned the resort, then targeted investors in the western United States. The second man and his father bought Sun Village Juan Dolio in 2005. Construction at Juan Dolio was never completed, and it never opened to guests. Defendants bought about $72.6 million worth of investments in Cofresi and $91.2 million in Juan Dolio, the SEC said. Only $8 million was spent on the construction of Juan Dolio. In total, $21.1 million was paid in commissions for Cofresi and $37.8 million for Juan Dolio. Lenders foreclosed on both properties in 2009. Source:

17. May 29, Ventura County Star – (California) Four arrested in connection with credit card fraud. Simi Valley, California police announced May 29 the arrests of four suspects in connection with what investigators call a “Nigerian fraud ring” they said caused losses of more than $2 million through the fraudulent use of credit cards. Police said the 6-week investigation began in March when a woman bought several thousand dollars’ worth of gift cards at a Target store in Simi Valley. She used fraudulently obtained credit cards to buy the gift cards, police said. Similar transactions occurred elsewhere in southern California, police said. Police said they identified four suspects of Nigerian origin who lived in Los Angeles County and committed similar crimes there, as well as in Ventura, San Diego, Kern, Riverside, and San Bernardino counties. Police said they recovered stolen property during the arrests, as well as more than $100,000 in cash. Source:

For another story, see item 54 below in the Information Technology Sector

Information Technology Sector

50. May 30, H Security – (International) Security problem in VMware vSphere 5. Security experts from ERNW demonstrated the ability to break out of the virtualization hypervisor of VMware ESXi 5.0 using crafted VMware images. If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service offering, a malicious user could access all data on the server, including other customers’ user passwords and virtual machines. The security experts were able to manipulate the virtual disk images in a way that caused host disks to be mounted in the guest system after launching the VM. Successful attacks were mounted in this way against fully patched copies of ESXi 5.0, but the researchers point out that, as far as they are aware, this has so far only happened under laboratory conditions. Source:

51. May 30, SecurityWeek – (International) Rapid7 outlines the most popular Metasploit modules. Metasploit is a powerful and popular tool for penetration testers and security experts. However, it is also an excellent resource for hackers. Recently, Rapid7 published a list of the most popular Metasploit modules, offering a look at the vulnerabilities that earned the most attention in April. The list was compiled by examining the Web server stats for the Metasploit Auxiliary and Exploit Database. Studies of the methods utilized in the wild show that attackers have a preference for the same tools that penetration testers and other security professionals use or sell to others, and Metasploit is no different. Source:

52. May 30, IDG News Service – (International) Nearly a fifth of U.S. PCs have no virus protection, McAfee finds. A McAfee study of PCs around the world found that 17 percent had no antivirus protection, and the United States outpaced the average with 19 percent of PCs unprotected. The study counted as unprotected machines those that had no antivirus protection installed, or whose antivirus subscription expired. In the United States, 12 percent of PCs did not contain an antivirus program, and 7 percent had expired software. McAfee analyzed data from voluntary scans of 27 million machines in 24 countries. According to the company, the study was the first to examine machines directly rather than polling their users. User polls typically found that 6 percent of PCs are not protected by antivirus software, McAfee’s director of global consumer product marketing said. Source:

53. May 30, H Security – (International) Google’s reCAPTCHA briefly cracked. Hackers developed a script that was able to crack Google’s Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) system with a success rate of better than 99 percent. They presented the results of their research at the LayerOne security conference in Los Angeles the weekend of May 26. However, just an hour before the presentation, Google made improvements to its reCAPTCHA system. Of the various CAPTCHA systems, Google’s reCAPTCHA is considered to be one of the most reliable for differentiating man from machine. Rather than trying to analyze distorted characters, the script, code-named “Stiltwalker,” analyzed the audio version of the CAPTCHAs, which Google provides for individuals who are visually impaired. Stiltwalker makes use of various techniques, including machine learning, but it also exploits the fact that the computer voice has a very limited vocabulary. Source:

54. May 30, Government Computer News – (International) Administration unveils plan for battling botnets. The U.S. Government and a private-sector working group announced a cooperative initiative to combat malicious botnets, which are being called a growing threat to the online economy and national security. May 30, the Industry Botnet Group and DHS and the Commerce Department released a set of principles for addressing the challenge of botnets across the Internet ecosystem. In addition to this framework for collaboration, the Government also will step up public outreach efforts to educate users about online threats and will coordinate efforts to address the technical threats posed by botnets. May 30, the National Institute of Standards and Technology hosted a workshop on the technical aspects of botnet activity, aimed at disrupting the botnet life cycle and removing malicious code on compromised devices. Source:

55. May 29, Threatpost – (National) DHS to critical infrastructure owners: Hold on to data after cyber attack. The DHS is offering organizations that use industrial control systems advice on mitigating the effects of cyber attacks. Among the agency’s recommendations: Hold on to data from infected systems and prevent enemies from moving within your organization. DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published a technical paper on cyber intrusion mitigation strategies May 25. The document calls on critical infrastructure owners to take a number of steps to thwart attacks, or limit the damage they cause. Among them are improving their ability to collect and retain forensic data, and to detect attempts by attackers to move laterally within their organization. The document is guidance from ICS-CERT to critical infrastructure owners and is targeted at both enterprise and control system networks, DHS said. Source:

For another story, see item 15 above in the Banking and Finance Sector

Communications Sector

56. May 29, – (North Carolina) Antenna damage will temporarily limit WDAV-FM signal. Some listeners of Davidson, North Carolina-based WDAV 89.9 FM could lose their signal for up to a month while the classical music public radio station uses a backup antenna so it can repair damage on its main antenna, reported May 29. A recent tower inspection found a section of the antenna glowing orange from heat. The station’s general manager said May 29 engineers are not sure what is causing the heat. They will not know more until they dismantle the antenna. Repairs were expected to begin May 30. WDAV will switch to a backup antenna on a tower next to the main one. It operates at the same power — 100,000 watts — as WDAV’s main transmitter, but is much lower and the signal likely will not travel as far as normal, the manager said. The areas that are most likely to lose WDAV’s signal include south Charlotte, north of Statesville, and northeast toward Winston-Salem, he said. Since WDAV’s antenna is custom-designed to target its signal and avoid interference with other stations, engineers will ship damaged parts back to the manufacturer to be repaired or rebuilt. That means the station likely will operate on its backup antenna for about a month. Source: