Wednesday, June 13, 2012

Complete DHS Daily Report for June 13, 2012

Daily Report

Top Stories

• The Pennsylvania Utility Commission recommended a $386,000 fine against UGI Utilities Inc. and suggested the utility implement several corrective measures in response to a 2011 explosion that killed five people. – WPVI 6 Philadelphia; Associated Press

2. June 12, WPVI 6 Philadelphia; Associated Press – (Pennsylvania) UGI faces fine over deadly Allentown blast. Investigators with the Pennsylvania Public Utility Commission (PUC) June 11 recommended that a natural gas utility be ordered to pay a $386,000 fine and take a series of corrective measures following an explosion in Allentown that killed five people. PUC investigators said following a 16-month investigation that Reading-based UGI Utilities Inc. failed to heed warning signs about the integrity of its 80-year-old cast-iron mains and then, after the explosion, failed to follow its own emergency protocols. The February 9, 2011 explosion destroyed eight homes and triggered a raging fire. The PUC complaint traced the source of the gas that led to the explosion to a cracked, corroded 12-inch cast-iron main installed in 1928. The complaint said that UGI did not respond to “ample warning signs” about the pipe’s integrity and has not moved quickly enough to replace Allentown’s decades-old network of cast-iron gas pipelines despite two earlier deadly explosions, in 1976 and 1990. Investigators also noted UGI did not receive any calls about a gas odor in the hours before the 2011 explosion, evidence it failed to maintain adequate levels of Mercaptan, the chemical odorant added to natural gas to give it its distinctive rotten-egg smell. Source: http://abclocal.go.com/wpvi/story?section=news/local&id=8697983

• The U.S. Securities and Exchange Commission charged 14 sales agents who misled more than 5,000 investors and illegally sold securities for a firm at the center of a $415 million Ponzi scheme. – U.S. Securities and Exchange Commission. See item 8 below in the Banking and Finance Sector.

• The U.S. Department of the Treasury’s Office of Foreign Assets Control announced a $619 million settlement with ING Bank N.V. (ING) to settle potential liability for apparent violations of U.S. sanctions. – U.S. Department of the Treasury. See item 9 below in the Banking and Finance Sector.

• State safety regulators in Nevada are investigating a fatal construction accident in a water supply tunnel being built at Lake Mead, the latest in a series of mishaps and setbacks at the multi-million dollar project. – Associated Press

20. June 12, Associated Press – (Nevada) Investigators probe death in Nev. tunnel accident. State safety regulators in southern Nevada June 12 began investigating a fatal construction accident in a water supply tunnel being built at Lake Mead, the latest in a series of mishaps and setbacks at the multi-million dollar project that began in 2009. A construction worker was killed and another was injured June 11 in a tunnel under construction at Lake Mead near Las Vegas after some material became loose and pressure sent grout flying through the air. The two men were alone in a segment of the 3-foot-diameter tunnel near Lake Mead National Recreation Area when they were hit by the exploding grout material. The second man sustained minor injuries, the Southern Nevada Water Authority spokesman said. The tunnel is part of a troubled effort to drill a third drinking water supply line to the Lake Mead reservoir. The multi-million-dollar project has been beset by flooding and cave-ins since construction began in 2009, and work has been delayed by about 2 years. Las Vegas depends on Lake Mead for about 90 percent of its drinking water. Construction on the third tunnel began amid concerns over the Colorado River reservoir’s shrinking supply. The third intake is designed to keep water flowing to Las Vegas even if drought shrinks the lake below the level of the two existing conduits. The new tunnel, bored through solid rock beneath Lake Mead, will be 3 miles long. Officials said the tunnel is not flooded and is still intact. Source: http://www.boston.com/news/nation/articles/2012/06/12/nevada_tunnel_accident_kills_worker_hurts_another/

• The U.S. Coast Guard said two hoax calls reporting an explosion June 11 on a motor yacht off central New Jersey came from land and the rescue effort cost the agency at least $88,000 and lasted about 4 hours. – Associated Press

31. June 12, Associated Press – (New Jersey) Coast Guard: Yacht blast hoax calls came from land. The U.S. Coast Guard said two hoax calls reporting an explosion June 11 on a motor yacht off central New Jersey came from land and the rescue effort cost the agency at least $88,000 and lasted about 4 hours. An investigation began June 12 to determine who was responsible. The agency is offering a $3,000 reward. The caller reported the boat was 17 nautical miles east of Sandy Hook and had 21 people aboard including several people injured. The caller also claimed the vessel sank but everyone aboard made it to life rafts. Authorities found no sign of any people or any distress in the water. The commander of Coast Guard Sector New York said more than 200 first responders assembled at the staging areas, and officials said several good Samaritans assisted authorities in the lengthy search. He noted hoax calls put the Coast Guard and other first responders at unnecessary risk and can interfere with the Coast Guard’s ability to respond to actual distress at sea. Source: http://www.federalnewsradio.com/615/2900020/Coast-Guard-offers-reward-in-yacht-explosion-hoax-

• A malware-based espionage campaign was recently perpetrated against Digital Bond, a security consultancy that specializes in safeguarding computer systems used to control dams, gasoline refineries, and other critical infrastructure against attack. – Ars Technica. See item 37 below in the Information Technology Sector.

Details

Banking and Finance Sector

6. June 12, WAGA 5 Atlanta – (Georgia) Skimmers steal info at Coweta Co. gas pumps. Dozens of people in Coweta County, Georgia, were victims of skimming at gas pumps, WAGA 5 Atlanta reported June 12. Investigators said they discovered a large criminal organization putting card skimmers inside gas pumps. Coweta County investigators said they were inundated with calls — at least 80 people have come forward — but they believed there could be hundreds of victims. “They clone those cards and use them to make fraudulent transactions and withdrawals from ATMs,” a Coweta County investigator said. Investigators said somehow the crooks got a key to the pump and put the skimmer device inside. They said it would be impossible for anyone driving up for gas to notice anything unusual. The crooks can sit within 300 feet of the pump and harvest the data on a cell phone or laptop, which is then used to clone a card and steal money at any ATM. Source: http://www.myfoxatlanta.com/story/18761482/gas-pump-skimmer-steals-credit-card-information

7. June 12, Minneapolis Star Tribune – (Minnesota; National) Three guilty in massive Ponzi scheme. Jurors in Minneapolis June 12 found three men guilty of helping a convicted fraudster pilfer the savings of more than 700 investors in a Ponzi scheme. All three were found guilty of all the charges resulting from the $194 million scheme — the second-largest Ponzi scheme in Minnesota history. A man who claimed to be among the top portfolio managers in the nation was convicted of a variety of fraud, money-laundering, and tax charges. An entrepreneur and former coin dealer was convicted of fraud and money-laundering charges; attempting to mislead the government about two foreign currency transactions; and several tax charges. A Minneapolis huckster — whose “Follow the Money” radio talk-show program lured the most investors — was found guilty of fraud and money laundering counts. The scheme evolved from currency swaps the leader of the scheme was running through several commodities and futures brokers. He claimed in 2006 to have found the Holy Grail with two Swiss firms: Crown Forex SA and JDFX Technologies. By partnering with these firms and others, the schemer and his associates claimed they could produce steady, double-digit returns with no risk to principal. Two of the defendants pitched the investment strategy on a Christian shortwave network and broadcast radio. One of them bought time on more than 200 stations nationwide and brought in about two-thirds of the investors. The third defendant solicited investors among the wealthy clientele of his investment advisory company, Oxford Private Client Group, and made presentations at investment seminars. He and associates in Minneapolis and Arizona raised about $47 million from 143 investors. In fact, the currency program was a fraud from top to bottom and the three defendants knew it but never informed their investors, prosecutors argued. The scam became public in July 2009. Source: http://www.startribune.com/local/158578925.html?page=all&prepage=1&c=y#continue

8. June 12, U.S. Securities and Exchange Commission – (New York; National) SEC charges 14 sales agents in $415 million Long Island-based Ponzi scheme. The U.S. Securities and Exchange Commission (SEC) June 12 charged 14 sales agents who misled investors and illegally sold securities for a Long Island, New York-based investment firm at the center of a $415 million Ponzi scheme. The SEC alleges the sales agents falsely promised investor returns as high as 12 to 14 percent in several weeks when they sold investments offered by Agape World Inc. They also misled investors to believe that only 1 percent of principal was at risk. The Agape securities they peddled were non-existent, and investors were lured into a Ponzi scheme where earlier investors were paid with new investor funds. The sales agents turned a blind eye to red flags of fraud and sold the investments, receiving more than $52 million in commissions and payments out of investor funds. None of these sales agents were registered with the SEC to sell securities, nor were they associated with a registered broker or dealer. Agape also was not registered with the SEC. According to the SEC’s complaint, more than 5,000 investors nationwide were impacted by the scheme that lasted from 2005 to January 2009, when Agape’s president and organizer of the scheme was arrested. The SEC alleges the sales agents misrepresented to investors that their money would be used to make high-interest bridge loans to commercial borrowers or businesses. Little, if any, investor money actually went toward this purpose. Source: http://www.sec.gov/news/press/2012/2012-112.htm

9. June 12, U.S. Department of the Treasury – (National; International) U.S. Treasury Department announces $619 million settlement with ING Bank, N.V. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) June 12 announced a $619 million settlement with ING Bank N.V. (ING) to settle potential liability for apparent violations of U.S. sanctions. The June 12 settlement is the largest OFAC settlement of any kind to date. The settlement resolves OFAC’s investigation into ING’s intentional manipulation and deletion of information about U.S.-sanctioned parties in more than 20,000 financial and trade transactions routed through third-party banks located in the United States between 2002 and 2007, primarily in apparent violation of the Cuban Assets Control Regulations, but also of the Iranian Transactions Regulations; the Burmese Sanctions Regulations; the Sudanese Sanctions Regulations; and the now-repealed version of the Libyan Sanctions Regulations. ING’s apparent violations, which totaled more than $1.6 billion routed through the United States, arose out of policies at multiple offices of ING’s Wholesale Banking Division. Beginning in the 1990s, at the instruction of senior bank management, ING employees in Curacao began omitting references to Cuba in payment messages sent to the United States. The practice of removing and omitting such data was used by other ING branches, including in the Netherlands, Belgium, and France. In addition, ING’s senior management in France authorized, advised in the creation of, and provided fraudulent endorsement stamps for use by Cuban financial institutions in processing travelers check transactions. Moreover, ING’s Trade and Commodity Finance business in the Netherlands routed payments made on behalf of U.S.-sanctioned Cuban clients through other corporate clients to obscure the sanctioned clients’ identities, and its Romanian branch omitted details from a letter of credit involving a U.S. financial institution to finance the exportation of U.S.-origin goods to Iran. ING assured the OFAC it terminated the conduct leading to the settlement. Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1612.aspx

10. June 11, Associated Press – (Washington; International) Dutch man charged with stealing Wash. credit cards. In an investigation that spanned from a Seattle restaurant to Romania, a Dutch national pleaded not guilty June 11 to federal computer hacking charges that include the theft of at least 44,000 credit card numbers. Federal prosecutors said the defendant is a prominent figure in the international hacking community who sold stolen credit card numbers in bulk through Web sites. The 44,000 credit card numbers included in these charges come from just one sale, authorities said. The man was arrested in Romania and arrived in Seattle June 9. He has been charged with 14 crimes, ranging from access device fraud to identity theft, authorities said. Seattle and federal authorities credited a local Italian restaurant owner for his help. The restaurateur said he became alarmed after several complaints from customers of suspicious charges after dining at Mondello Ristorante Italiano. Customers suspected his workers had taken their credit card information, but he found no evidence of that. He called computer experts and eventually the police, he said. That led police to a Maryland man, who they said planted spying malware in the sales systems of two Seattle businesses, two of dozens of businesses targeted. He had collected at least 4,800 credit card numbers in 2011. The man was arrested in November 2011 and pleaded guilty in May to charges that included bank fraud. Investigators said the Dutch national worked with the Maryland man in creating Web sites to sell the credit card numbers. Source: http://hosted.ap.org/dynamic/stories/U/US_COMPUTER_HACKING?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2012-06-11-19-38-46

Information Technology Sector

35. June 12, H Security – (International) BIG-IP network appliances remote access vulnerability. Networking equipment specialist F5 Networks warned users about a security vulnerability in its network appliance — including its flagship BIG-IP family of products — that could allow a remote attacker to gain root access via SSH on some devices. A full list of affected firmware versions is given in the security advisory. Firmware upgrades that close the security hole are available; users who cannot upgrade to a non-vulnerable version are advised to reconfigure SSH access on their systems. Source: http://www.h-online.com/security/news/item/BIG-IP-network-appliances-remote-access-vulnerability-1615947.html

36. June 12, H Security – (International) Multiple vulnerabilities in Symantec Web Gateway eliminated. The GUI for the administration front end of Symantec Web Gateway 5.0 allows a series of attacks to occur which can, at worst, let attackers execute their own commands or code on the gateway. Demonstration exploits and a Metasploit module that implements the attacks are publicly available. In response, Symantec provided Symantec Web Gateway 5.0.3, which fixes the four vulnerabilities: two highly rated code/command injection flaws and two medium rated flaws related to file download/deletion and exposure to cross-site scripting. Source: http://www.h-online.com/security/news/item/Multiple-vulnerabilities-in-Symantec-Web-Gateway-eliminated-1616463.html

37. June 11, Ars Technica – (International) James Bond-style malware targets firm that secures industrial systems. A malware-based espionage campaign was recently perpetrated against Digital Bond, a security consultancy that specializes in safeguarding computer systems used to control dams, gasoline refineries, and other critical infrastructure against attack. An e-mail that addressed a Digital Bond employee by name used an account registered to appear as if it belonged to the company’s founder and CEO. According to a blog post published the week of June 4, the message made reference to a paper the executive co-authored in 2009 and asked the employee to click on a Web link that led to a compressed file stored on a compromised server. Malicious code in the file installs a remote backdoor on end-user machines. It was detected by only 7 of 42 antivirus products. That suggests the trojan did not circulate widely before it targeted Digital Bond. Source: http://arstechnica.com/security/2012/06/jamesmalware-targets-industrial-systems-experts/

38. June 11, Threatpost – (International) Tumblr users should beware of cookie thieves. Source: http://threatpost.com/en_us/blogs/tumblr-users-should-beware-cookie-thieves-061112

39. June 11, PC Magazine – (International) LulzSec Reborn leaks 10,000 Twitter accounts. LulzSec Reborn leaked approximately 10,000 Twitter usernames and passwords of members who used TweetGif, an animated Gif-sharing application. The file contained much information on each member including: usernames, passwords, real names, locations, bios, avatars, secret tokens used to authenticate TweetGif to pull Twitter data, and even their last tweet. The hackers’ motivations are unclear at this point; an announcement posted on Pastebin merely linked to a destination for people to download the .SQL file. TweetGif lets users post and share animated Gif cliparts, but users have to log in through Twitter. It appears to be a relatively small application with less than 75,000 visitors globally, according to its Flag Counter stats, and only 690 followers of its Twitter account @TweetGif. Not all third-party Twitter applications use best practices to secure user data. An Imperva report indicated approximately three-quarters of Web applications may be vulnerable to remote file inclusion attacks because they include insecure tools that allow users to upload user-generated content, such as images and videos. Source: http://securitywatch.pcmag.com/none/298936-lulzsec-reborn-leaks-10-000-twitter-accounts

For another story, see item 10 above in the Banking and Finance Sector

Communications Sector

40. June 12, WVIT 30 New Britain – (Connecticut) Phone, Internet disruptions in Tolland. There were widespread phone and Internet service disruptions in Tolland, Connecticut, after a communication line was severed, according to a news release issued June 11. The town’s public safety department issued a warning that the problem affected AT&T landline customers and various cell phone communication towers. The problem was expected to be fixed by June 12. Source: http://www.nbcconnecticut.com/news/local/Phone-Internet-Disruptions-in-Tolland-158552625.html

41. June 12, Raleigh News & Observer – (North Carolina) Cut wire silences Wake Tech phone system. A severed phone cable disabled the phones on multiple Wake Tech campuses in North Carolina June 11 and was expected to leave the campuses without service for an undetermined period of time. A statement from Wake Tech’s tech department did not specify the cause but said a 600-pair copper cable had been cut at the north-most corner of the school’s main campus. Neither inbound nor outbound external calls could be completed from the main and Public Safety Education campuses, as both have the same 866 prefix. AT&T, as of June 11, was working on repairing the problem. No estimated timetable for repair had been given, but functionality before the end of the day classes was ruled out. Source: http://www.newsobserver.com/2012/06/11/2130131/cut-wire-silences-wake-tech-phone.html

42. June 11, Bloomington Pantagraph – (Illinois) Frontier service cut to north Normal, Hudson. Hundreds of Frontier customers in north Normal and the Hudson, Illinois, area were expected to be without telephone service until about 10 p.m. June 11, company officials said. A crew repairing a broken water main at The Landings mobile home park severed a fiber-optic cable. The company received at least 200 outage reports from customers, but the number affected was likely higher, Frontier officials said. Source: http://www.pantagraph.com/news/local/frontier-service-cut-to-north-normal-hudson/article_326c6290-b409-11e1-9b29-001a4bcf887a.html

43. June 11, Naples Daily News – (Florida) WGCU tower being repaired after lightning strike. The radio tower for WGCU 90.1 FM Fort Myers, Florida, was undergoing repairs June 11 after being hit by lightning during a storm over the weekend of June 9, leaving the station with a weaker signal. The station was relying on a backup signal until repairs were completed. A WGCU employee reached June 11 was unsure when that work would finish. Source: http://www.naplesnews.com/news/2012/jun/11/wgcu-tower-being-repaired-after-lightning-strike/