Tuesday, July 31, 2012 


Daily Report

Top Stories

• By the week of July 23, more than 63 percent of the contiguous United States was considered in moderate to exceptional drought. Specifically, 1,369 counties across 31 States were declared drought-disaster areas. The drought, the most severe since the 1950s, is expected to cost at least $12 billion. – Ag Professional

21. July 27, Ag Professional – (National) Drought expanding rapidly, now covers 63 percent of U.S. The week of July 23, the U.S. Department of Agriculture’s Drought Monitor showed the largest 1-week jump in extreme drought growth during the report’s 12-year history. Nationally, drought conditions grew for the 10th consecutive week. More than 63 percent of the contiguous United States was considered in moderate to exceptional drought. Specifically, 1,369 counties across 31 States were declared drought-disaster areas. “We’ve seen tremendous intensification of drought through Illinois, Iowa, Missouri, Indiana, Arkansas, Kansas and Nebraska, and into part of Wyoming and South Dakota in the last week,” the author of the Drought Monitor said. The Weather Channel noted that the growth of extreme drought in the country expanded this week by 219,000 miles, an area slightly larger than the States of California and New York combined. The percentage of the continental U.S. in severe to exceptional drought set a new high for the second week straight. The drought, the most severe since the 1950s, is expected to cost at least $12 billion. Source: http://www.agprofessional.com/news/Drought-expanding-rapidly-now-covers-61-of-US---163874336.html

• French security firm Intego discovered a new Mac Trojan horse the week of July 23 that is being used to target specific individuals. The Trojan, dubbed “Crisis” by Intego — a Mac-only antivirus developer — and called “Morcut” by Sophos, is espionage malware that spies on victims using Mac instant messaging clients, browsers, and Skype. – Computerworld View 41 below in the Information Technology Sector

• Police in Missouri investigating bomb threats that triggered evacuations and searches for dangerous devices at eight Walmart stores in Missouri and two store locations in Kansas, said they have the phone number from at least one of the calls that was made between July 27 and July 29. – ABC News

50. July 30, ABC News – (Missouri; Kansas) Police believe Walmart bomb threats are connected. Police in Missouri investigating bomb threats that triggered evacuations and searches for dangerous devices at 10 Walmart stores said they have the phone number from at least one of the calls that was made between July 27 and July 29. In total eight stores across Missouri received bomb threats, while two more store locations, in Kansas, also received similar calls. No devices were found at any of the stores. Walmart locations in Jefferson City, Nixa, Ozark, Raytown, Gladstone, and Fredericktown in Missouri, and in Leavenworth and Lawrence, Kansas, were shut down due to bomb threats. In each case, the caller said explosive devices were on the premises. Source: http://abcnews.go.com/US/police-walmart-bomb-threats-connected/story?id=16884459#.UBZ7rqAbamg

• About 60 million gallons of water is leaking through the 101-year-old Peterson Dam in Las Vegas, New Mexico, each year. Consultants recommended that the dam, responsible for holding the city’s water supply, be raised to provide more than 391 million gallons of storage, a project estimated at $20 million. – Associated Press; Las Vegas Optic

57. July 27, Associated Press; Las Vegas Optic – (New Mexico) 101-year-old northern NM dam on brink of failure. About 60 million gallons of water is leaking through the 101-year-old Peterson Dam in Las Vegas, New Mexico, each year, the Associated Press reported July 27. Consultants recommended that the dam, responsible for holding the city’s water supply, be raised to provide more than 391 million gallons of additional storage, a project estimated at $20 million. Its current capacity is 211 acre-feet, or 68 million gallons — a small fraction of the water the city uses in a year. The governor of New Mexico said she would make the dam’s repair a priority in the next legislative session with a proposed $2 million in funding, the Las Vegas Optic reported. The dam is a symbol of the city’s dilapidated water infrastructure, but officials said the entire system needs an overhaul. The city already is planning stark water rate increases to fund improvement projects that go beyond the dam and could cost $120 million over 40 years. Rebuilding the dam will take at least 2 years. In the meantime, the city will undergo a project in October to recapture most of the leaking water and pump it back into the water system. The city and the federal government have reached an agreement to let 5 percent of the water leak through the dam to maintain a wetland that serves as a habitat for the Southwestern willow flycatcher. Source: http://www.alamogordonews.com/ci_21173910/101-year-old-northern-nm-dam-brink-failure

Details

Banking and Finance Sector

7. July 28, Ogden Standard-Examiner – (National) Bucket List Bandit hits N.C. bank, now wanted in 5 states. The ‘Bucket List Bandit’ was named as a suspect in a July 20 robbery at a Bank of America in Winston-Salem, North Carolina, the Roy, Utah police chief said July 27. Based on security camera photos, the robber wore identical clothing in both heists. The Bucket List Bandit is also suspected of robbing Chase Bank branches in Arvada, Colorado, June 21, and Flagstaff, Arizona, June 27, as well as the Pocatello Ireland Bank in Pocatello, Utah, July 6, according to the FBI. Source: http://www.standard.net/stories/2012/07/27/bucket-list-bandit-hits-nc-bank-now-wanted-5-states

8. July 27, WFXT 25 Boston – (Rhode Island; Massachusetts) ‘Bearded Bandit’ believed to have robbed bank in RI. The man known to the FBI as the “Bearded Bandit” was believed to have robbed a bank in Barrington, Rhode Island, July 26. He was also suspected in four bank robberies in Rhode Island and Massachusetts. An FBI special agent said that in each robbery the bearded man tells the teller he has a weapon, talks on his cell phone, and leaves when he has the money. Source: http://www.myfoxboston.com/story/19133244/bearded-bandit-believed-to-have-robbed-bank-in-ri

9. July 27, Associated Press – (National; International) German fugitive sought for $100 million financial fraud scheme arrested in Vegas. Federal officials said a German man sought for five years in a more than $100 million financial fraud scheme was arrested in Las Vegas, the Associated Press reported July 27. U.S. Immigration and Customs Enforcement officials said the man was arrested July 25 on a U.S. immigration violation. He was in custody pending his transfer to Germany. The man is accused of using false names, and of using a company in Cape Coral, Florida, to defraud investors in a pyramid scheme. U.S. Marshals found the man living in Nevada under one of his false names. Source: http://www.foxnews.com/us/2012/07/27/german-fugitive-sought-for-100-million-financial-fraud-scheme-arrested-in-vegas/

Information Technology Sector

39. July 30, Help Net Security – (International) 1,500 severe security events detected on Black Hat WLAN. The WLAN network at Black Hat was accessed by 3,155 attendees, with a maximum of 904 simultaneous clients, and it detected and quickly contained a total of 1,561 severe independent security events. These events included more than 280 rogue access points (AP) — with some rogue APs attempting to impersonate the official event network. Other wireless attacks that were detected included Block ACK DoS attacks, Power Save DoS attacks, Deauth Broadcast, AP Spoofing, and “Hotspotter” attacks. The network also detected some malicious fragmentation-based attacks from the wired side, which were all contained very quickly. The network, which covered a 200,000 square foot facility, consisted of 23 mesh point Aruba AP-134 APs and 16 mesh portal Aruba AP-134 APs. The 16 mesh portal APs were wired into the hotel’s infrastructure. Also included in the network were an Aruba 3600 Mobility Controller and an Aruba S3500 Mobility Access Switch. Source: http://www.net-security.org/secworld.php?id=13339&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

40. July 29, IDG News Service – (International) Researcher creates proof-of-concept malware that infects BIOS, network cards. A security researcher created a proof-of-concept hardware backdoor called Rakshasa that replaces a computer’s Basic Input Output System (BIOS), and can compromise the operating system at boot time without leaving traces on the hard drive. Rakshasa, named after a demon from Hindu mythology, is not the first malware to target the BIOS; however, it differentiates itself from similar threats by using new tricks to achieve persistence and evade detection. Rakshasa replaces the motherboard BIOS, but can also infect the PCI firmware of other peripheral devices like network cards or CD-ROMs, in order to achieve a high degree of redundancy. Rakshasa was built with open source software. It replaces the vendor-supplied BIOS with a combination of Coreboot and SeaBIOS, alternatives that work on a variety of motherboards from different manufacturers, and also writes an open source network boot firmware called iPXE to the computer’s network card. All of these components have been modified so they do not display anything that could give their presence away during the booting process. Coreboot even supports custom splashscreens that can mimic the ones of the replaced BIOSes. The only way to get rid of the malware is to shut down the computer and manually reflash every peripheral, a method that is impractical for most users because it requires specialized equipment and advanced knowledge. Source: http://www.networkworld.com/news/2012/072912-researcher-creates-proof-of-concept-malware-that-261243.html?source=nww_rss

41. July 27, Computerworld – (International) New Mac Trojan hints at ties to high-priced commercial hacking toolkit. French security firm Intego discovered a new Mac Trojan horse the week of July 23 that is being used to target specific individuals, Computerworld reported July 27. The Trojan, dubbed “Crisis” by Intego — a Mac-only antivirus developer — and called “Morcut” by Sophos, is espionage malware that spies on victims using Mac instant messaging clients, browsers, and Skype. According to Intego, which published an initial analysis July 24, and has followed up with more information, Crisis sports code that points to a connection with an Italian firm that sells a $245,000 espionage toolkit to national intelligence and law enforcement agencies. The malware tries to hide from security software by installing a rootkit, and also monkeys with OS X’s Activity Monitor — a utility bundled with the operating system that displays the working processes and how much memory each is consuming — as another lay-low tactic. Once on a Mac, Crisis monitors Adium and MSN Messenger, a pair of instant messaging clients; Skype; and the Safari and Firefox browsers. It captures a variety of content transmitted by those programs, including audio from Skype, messages from Adium and MSN Messenger, and URLs from the browsers. It also can turn on the Mac’s built-in webcam and microphone to watch and listen, take snapshots of the current Safari and Firefox screens, record keystrokes, and steal contacts from the machine’s address book. The French firm pegged Crisis as “a very advanced and fully-functional threat,” in part because of signs that some of the malware’s code originated with commercial spying software. Source: http://www.computerworld.com/s/article/9229725/New_Mac_Trojan_hints_at_ties_to_high_priced_commercial_hacking_toolkit?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&

42. July 27, Threatpost – (International) Study: SQL attacks jump 69 percent in recent months. The number of SQL attacks jumped by nearly two thirds earlier in 2012, according to cloud hosting firm FireHost, which recorded over 450,000 blocked SQL injection attacks between the first and second quarter. According to a report in ComputerWeekly, the firm claimed the week of July 23 that it protected its users from 17 million cyber attacks from April to June 2012. 469,983 of those attacks were SQL injections, up from 277,770 attacks earlier this year, a 69 percent jump. While security statistics have an intrinsic ebb and flow to them, FireHost’s numbers mark a spike. In this year’s X-Force Trend and Risk Report, IBM noted a 46 percent drop in SQL injections in 2011 while a study by WhiteHat Security earlier this year noted the number of SQL injections in sites was also decreasing. After analyzing 7,000 websites, the firm found that only 11 percent of the sites contained SQL injection vulnerabilities while only 4 percent of the sites carried at least one SQL injection flaw compared to the overall vulnerability population. Source: http://threatpost.com/en_us/blogs/study-sql-attacks-jump-69-percent-year-072712

43. July 27, IDG News Service – (International) Twitter suffers malware spam outbreak. A widespread spam attack linking to malware has broken out on Twitter, according to the security firm Sophos. The malicious tweets often read “It’s you on photo?” or “It’s about you?” The tweets and URLs often include a user’s Twitter handle. Many of the links Sophos discovered have a .RU domain name. “The attack itself is very simple, relying on people’s natural curiosity about anything they think mentions them. Including the target’s Twitter username in the link is an added hook to reel people in,” the head of Sophos’ U.S. labs said in a statement. The links in the spammed tweets lead to a Trojan that ultimately redirects users to Russian Web sites containing the Blackhole exploit kit, Sophos said. The Blackhole exploit kit first emerged in 2010, and its use is widespread. The version of the kit being promoted on Twitter targets vulnerabilities in Adobe Reader and Shockwave Flash, according to Sophos. Source: http://www.computerworld.com/s/article/9229733/Twitter_suffers_malware_spam_outbreak

Communications Sector

44. July 30, CNET Asia – (International) Text messages and tweets blamed for Olympic TV coverage hiccups. Overwhelming text messages and tweets by hundreds of thousands of fans in London, England, had apparently disrupted the Olympics coverage of the recent men’s cycling road race, CNET Asia reported July 30. According to the International Olympics Committee (IOC), this sudden surge in data had resulted in a network outage, blocking GPS navigation information of the cyclists from reaching the Olympics commentators covering the event. The issue was attributed to oversubscription of a particular network, added an IOC spokesperson. Olympics fans in London have also been told not to send non-urgent text messages and tweets to mitigate this problem. Source: http://asia.cnet.com/text-messages-and-tweets-blamed-for-olympic-tv-coverage-hiccups-62218171.htm

45. July 29, WIBW 13 Topeka – (Kansas) Crews working on phone outage in Osage County. Phone services were down in Osage County, Kansas, July 29, after a backhoe operator cut one of the company’s fiberoptic cables. A CenturyLink spokeswoman told WIBW 13 Topeka the backhoe operator cut a fiberoptic cable between Alma and Alta Vista. She said the outage affected communities in Osage County, Wabaunsee County, and Coffey County. The Wabaunsee County sheriff’s office also released a statement, “Wabaunsee County is experiencing widespread telephone outage. Incoming and outgoing long-distance has been interrupted, as well as 911 telephone coverage.” Source: http://www.wibw.com/home/localnews/headlines/Crews-Working-On-Phone-Outage-In-Osage-County-164210156.html

46. July 27, Maysville Ledger Independent – (Kentucky) Communications slammed by storms. Storms that rolled through Kentucky July 26 and July 27 left some area residents without electricity and others with limited phone service. Lightning caused most of the problems, said the Mason County, Kentucky emergency manager. “It knocked out some phones and local television,” he said. According to the Germantown fire chief, access to Bracken County 9-1-1 dispatch from land-based phone lines was affected by the storms for a time. Callers to the non-emergency number for Bracken County 9-1-1 also continued to get a busy signal through the afternoon of July 27. In Robertson County, phone service to the courthouse annex was not working. Residents also reported phone outages in Mount Olivet and Piqua July 27. Source: http://www.maysville-online.com/news/local/communications-slammed-by-storms/article_1f6e4933-2e30-5977-b990-378d77366c86.html

47. July 27, Casper Star-Tribune – (Wyoming) FCC slaps Casper radio station owner with $68,000 fine. Nearly a year ago, a Federal Communications Commission (FCC) inspector tuned in to several radio frequencies in Casper, Wyoming, and heard music where it did not belong, the Casper Star-Tribune reported July 27. The music, from four Casper radio stations belonging to Mt. Rushmore Broadcasting Inc., sang from the company’s studios in downtown Casper to its transmission facilities for rebroadcast on regular FM radio frequencies. In Casper August 17, 2011, Mt. Rushmore Broadcasting did not have the right to broadcast using the radio links. In the case of two of the radio stations, the company had been using the unlicensed radio links for 16 years. The FCC said July 26 on its Web site that it is fining the company $68,000 for “willfully and repeatedly” violating the law, and it gave the stations’ owner 30 days to get the licenses it needs for stations KMLD 94.5 FM Casper, KASS 106.9 FM Casper, KQLT 103.7 FM Casper, and KHOC 102.5 FM Casper. Source: http://billingsgazette.com/news/state-and-regional/wyoming/fcc-slaps-casper-radio-station-owner-with-fine/article_bb05c009-9f38-5971-a85f-fe798697cdc1.html