Monday, July 30, 2012 

Daily Report

Top Stories

 • Powerful storms knocked out power to more than 100,000 homes and businesses in New York, Ohio, and Pennsylvania, cancelled more than 900 flights, and killed two people. – Reuters 

2. July 27, Reuters – (New York; Ohio; Pennsylvania) Two dead, over 100,000 without power after fierce storms. Two people were dead and more than 100,000 homes and businesses in New York, Ohio, and Pennsylvania were without electricity July 27 after severe thunderstorms swept through the region July 26. The storms spawned a tornado that touched down in Elmira, New York, toppling trees and tearing off roofs, the National Weather Service said. Officials in Pennsylvania and New York reported two storm-related deaths. A woman camping in Genesee, Pennsylvania, near the New York State line was killed when she took refuge from the storm in her car and a tree fell on it, the director of emergency services for Potter County said. Pennsylvania accounted for a majority of those still without power, with more than 85,000 customers in the dark July 27, according to electric companies serving the region. Roughly 34,000 people in New York were without power, most of them in the southern tier region near Elmira, according to NYSEG. About 13,500 customers in eastern Ohio were still offline, according to AEP Ohio. The storm activity forced the cancellation of over 900 flights July 26, according to FlightAware, a Texas-based company that tracks the status of flights. The highest number of cancellations was at LaGuardia Airport in New York City. Source:

 • Ford Motor Company announced July 27 the recall of more than 400,000 model year 2001-2004 Escape vehicles because of problem with the throttle cable that could lead to uncontrolled acceleration and make it difficult to stop or slow down. – U.S. Department of Transportation 

8. July 27, U.S. Department of Transportation – (National) NHTSA recall notice - Ford Escape speed control cable connector. Ford Motor Company announced July 27 the recall of 423,634 model year 2001-2004 Escape vehicles equipped with 3.0L V6 engines and speed control manufactured from October 22, 1999 through January 23, 2004. Inadequate clearance between the engine cover and the speed control cable connector could result in a stuck throttle when the accelerator pedal is fully or almost-fully depressed. This risk exists regardless of whether or not speed control (cruise control) is used. A stuck throttle may result in very high vehicle speeds and make it difficult to stop or slow the vehicle, which could cause a crash, serious injury, or death. Ford will notify owners, and dealers will repair the vehicles by increasing the engine cover clearance. Remedy parts are expected to be available in mid-August. Until then, dealers will disconnect the speed control cable as an interim remedy, if parts are not available at the time of an owner’s service appointment. Source:

 • A peer-to-peer botnet targeting banking customers has infected more than 675,000 systems, including those at 14 of the top 20 Fortune 500 companies, according to research released at the Black Hat security conference. – See item 16 below in the Banking and Finance Sector

 • Authorities found more than 20 rifles and handguns and 40 boxes of ammunition at the home of a man they arrested who threatened to shoot people at a Prince George’s County, Maryland facility of computer software and hardware manufacturer Pitney Bowes. – Washington Post See item 34 below in the Information Technology Sector


Banking and Finance Sector

13. July 26, Associated Press – (New Mexico) Fallout from fake audit causing NM financing authority to scale back loans for governments. Cities, counties, and other local governments could find it harder to get low-cost loans from the New Mexico Finance Authority during the next several months because of fallout from a scandal over a fake audit of the agency’s finances, the Associated Press reported July 26. The authority’s governing board reviewed a proposal for limiting a loan program that finances projects such as sewers, roads, and other infrastructure in communities. The authority can only make loans using $37 million in cash reserves because it is unable to issue new bonds without a final audit or unless it taps into a $50 million line of credit previously arranged with a bank. Bonds are the primary way the authority finances projects and has money to lend. At issue in the unfolding scandal are the authority’s financial statements, which were faked to indicate they had been audited by an outside accounting firm. Investors may have relied on the data in considering whether to buy the authority’s bonds. Officials blamed a former controller for the fake audit, which was disclosed earlier in July. The former employee acknowledged putting together the fake audit but said no money was missing and the financial figures in the report were correct. Source:

14. July 26, Sacramento Bee – (California) Three accused of identity theft in skimming operation. Three people were arrested on suspicion of identity theft in a case involving the use of skimming devices in the Sacramento, California area, the Sacramento Bee reported July 26. After a month-long investigation, sheriff’s detectives along with officers from the California Highway Patrol, Sacramento Police Department, San Joaquin County Sheriff’s Department, and the FBI, recovered thousands of credit card numbers, hundreds of counterfeit California ID cards, numerous counterfeit credit cards, and skimming devices. Authorities said they believed the majority of the skimming devices were installed inside gas pumps. The devices could not be detected from the outside of the pump but would be easily recognizable if the pump panel were opened. Installing the skimming devices would take only seconds, and opening the gas pump panel would not disrupt service or activate alarms, they said. Source:

15. July 26, KPTV 12 Portland – (Oregon) ‘Bling Bandit’ suspect arrested. Police took into custody a suspect thought to be the “Bling Bandit” who committed multiple armed robberies in the Portland, Oregon area, KPTV 12 Portland reported July 26. The man was arrested for a parole violation. Federal bank robbery charges against him are pending. According to Portland police, further investigation including a fingerprint left at the scene and the execution of a search warrant, identified the man as the suspect. The three bank robberies occurred within 4 months with the bandit robbing the same U.S. Bank twice April 26 and July 16 as well as a Wells Fargo bank June 29. Source:

16. July 25, – (International) ‘Gameover’ financial botnet compromises nearly 700,000 victims. A peer-to-peer botnet targeting banking customers has infected more than 675,000 systems, including those at 14 of the top 20 Fortune 500 companies, according to research released July 25 at the Black Hat security conference. The Gameover botnet uses a private version of the Zeus framework and targets the customers of banks in the United States, Europe, and Asia. To infect more systems, the bot operators used a third-party spam botnet, known as Cutwail, to send out copies of legitimate emails that were modified to spread malware. People who click on a link in the email will be sent to a server that redirects them to another system hosting the Blackhole exploit kit. “The Blackhole kit is not dropping the malware itself,” a researcher said. “Instead, it is dropping a downloader known as Pony, which is interesting in that it is not just a loader, but it steals your HTTP, FTP, and email credentials.” Once Pony installs Zeus on the compromised system, the software establishes a communications channel back to the attackers using peer-to-peer networking, which makes the botnet harder to dismantle because there are no central command-and-control servers to shut down. Infected machines then contact a hard-coded list of peers to get updates and commands. Source:

Information Technology Sector

34. July 27, Washington Post – (Maryland) Maryland police may have thwarted shooting. Authorities have arrested a man who referred to himself as “a joker” and threatened to shoot people at his former workplace in Prince George’s County, Maryland, investigators said July 27. Investigators said that the man called Pitney Bowes the week of July 23 and threatened to carry out a shooting there. He later called back and acknowledged that it was not smart to be making such threats over the phone. Pitney Bowes called Prince George’s police July 25. The man lives in Crofton, and he was taken into custody there by Anne Arundel County police. Police found more than 20 rifles and handguns and 40 steel boxes of ammunition at his home, investigators said. The suspect was being held at an Anne Arundel hospital for medical evaluation, authorities said. Pitney Bowes said in a statement that the suspect arrested was an employee of a subcontractor to Pitney Bowes. He has not been on any Pitney Bowes property in more than 4 months. “What we believe was a significant threat has been averted,” the Prince George’s police chief said. Authorities wrote in an affidavit that they believed that the suspect was referencing the movie theater shootings in Colorado when he called himself a joker. Source:

35. July 26, IDG News Service – (International) Twitter blames two-hour failure on dual data-center crashes. A Twitter outage July 26 that lasted as long as 2 hours for some users was caused by separate data centers failing at nearly the same time, the company said in a blog post. Twitter went down between about 8:20 a.m. and 9 a.m. Pacific Time and was back in action by about 10:25 a.m., wrote the vice president of engineering. Two data centers that operate in parallel for redundancy both failed, in what the vice president called an “infrastructural double whammy. What was noteworthy about today’s outage was the coincidental failure of two parallel systems at nearly the same time,” he wrote. “We are investing aggressively in our systems to avoid this situation in the future.” It was Twitter’s second outage in about 6 weeks. The company blamed the June 21 outage on a cascading bug, a type of problem that spreads from one software element to others. Source:

36. July 26, Network World – (National) Study: Microsoft repeatedly ranks as top U.S. spammer. Microsoft has topped a list of biggest U.S. spammers for 5 out of the past 15 months, and for some of those months it ranked No. 1 in the world, according to a University of Texas (UT) study to flag the worst offenders in an effort to get them to improve their security. Based on results culled from spam block lists, researchers found that Microsoft IP addresses were responsible for a big enough volume of spam to top their SpamRankings list for the United States in April and May 2011, and in March, April, and June 2012, said a researcher with the project at McCombs School of Business, UT Austin. The project analyzes raw data about where spam traffic comes from and tracks down what organization owns the offending IP addresses. The raw data gathered by groups outside UT, and the Microsoft rankings are based on those compiled by Passive Spam Block List. The researcher said one factor in the high volume of Microsoft spam may be that part of it is MSN, the Microsoft portal that includes its ISP. “Its purpose is to let people have access to the Internet, and that means people have their own computers, which may have all sorts of security problems,” he said. Outbound spam from an organization indicates a security problem, he said, sometimes because machines have been compromised by botnets and sometimes because users have fallen for phishing ploys. Source:

37. July 25, Network World – (International) Black Hat: Cyber-espionage operations vast yet highly focused, researcher claims. Cyber-espionage operations across the Internet are extensive yet highly targeted, said a research director at Dell SecureWorks, speaking at the Black Hat Conference in Las Vegas. His paper, titled “Chasing APT” released July 25, pinpoints 200 unique families of custom malware used in cyber-espionage campaigns that many refer to as “advanced persistent threats.” It is not just governments targeting other governments or trying to steal corporate secrets — private security companies also are involved in these break-ins even while claiming to offer “ethical hacking services.” In terms of its technical analysis of APTs, SecureWorks stated it believes that along with the 200 unique families of custom malware used in cyber-espionage intrusions, there appear to be more than 1,100 domain names registered by cyber-espionage actors for use in hosting malware command-and-control or spear-phishing, and nearly 20,000 subdomains or purposes such as “malware C2 resolution.” But unlike other types of criminal botnets that “can contain millions of infected computers,” cyber-espionage is far more focused, with “tens of thousands of infected computers spread across hundreds of botnets, each of which may only control a few to a few hundred computers at a time,” the Dell SecureWorks report said. Source:

For more stories, see items 16 above in the Banking and Finance Sector and 38 below in the Communications Sector

Communications Sector

38. July 26, Door County Daily News – (Wisconsin) Fiber problem causes Internet outage. Quite a bit of Door County, Wisconsin, had to do without Internet service for a time early July 26. The network administrator for Online Door County, a local Internet service provider said, it appeared that Charter Communications’ data network to Door County went down early July 26 and was down for about an hour and a half. The outage affected more than 1,000 customers of Online Door County and an undetermined number of Charter customers. He stated his company has taken steps to prevent future outages. He said they placed an order with Nsight 9 weeks ago to have more fiber optic installed but that installation had not yet taken place. Source:

For another story, see item 35 above in the Information Technology Sector