Monday, August 13, 2012 


Daily Report

Top Stories

 • A sinkhole the size of a football field in southern Louisiana forced energy companies to halt nearby natural gas pipeline activity — idling about 150 million cubic feet of gas — and draw down fuel from a storage cavern. – Reuters

4. August 8, Reuters – (Louisiana) Louisiana sinkhole roils local natural gas network. A sinkhole the size of a football field in southern Louisiana forced energy companies to halt nearby natural gas pipeline activity and draw down fuel from a local storage cavern, Reuters reported August 8. Chevron Corp’s subsidiary, Bridgeline Holdings, declared force majeure on new injections into its salt dome storage facility near the sinkhole and the town of Napoleonville in Assumption Parish through the rest of 2012, according to a notice on its Web site. Natural gas traders said Chevron’s move to purge the gas could push an additional 4 billion to 5 billion cubic feet of gas on the market. The sinkhole, which local media reported was 372 feet wide, was discovered near the cavern August 3. The Louisiana Commissioner of Conservation issued a Declaration of Emergency August 3 due to the sinkhole, leading authorities to order evacuations. The Texas Brine Company, which has a plugged salt cavern within 100 yards of the sinkhole, was ordered to investigate the site. Unexplained bubbles discovered in the region in recent months and reported tremors were under investigation. Enterprise Product Partners, owner of the Arcadian Gas Pipeline System, said it was forced to shut two 20-inch gas pipelines near the area. Crosstex Energy said the company shut a portion of its 36-inch natural gas pipeline, taking about 150 million cubic feet a day of supply offline. Source: http://www.reuters.com/article/2012/08/08/us-chevron-natgas-idUSBRE87716I20120808

 • The Federal Aviation Administration proposed a $1 million civil penalty against a regional airline for allegedly using improper rivets on cockpit doors that it said made at least 186,189 flights “unairworthy.” – CNN

15. August 9, CNN – (National; International) FAA proposes $1 million penalty against Horizon Air for cockpit door rivets. The Federal Aviation Administration (FAA) proposed a $1 million civil penalty against a regional airline for allegedly using improper rivets on cockpit doors, saying the rivets could have damaged wiring and other aircraft components, CNN reported August 9. The agency said Horizon Air operated 22 aircraft for more than 3 years with the improper rivets, making at least 186,189 flights while the planes were “unairworthy.” The FAA discovered the violations in 2011 when Horizon modified a 23rd aircraft with blind rivets, and the plane experienced an incident during a flight because of wire damage, the agency said. Horizon Air was required to use solid rivets on the doors, but instead used blind rivets, which can be fastened from one side of a panel or structure, “blind” to the opposite side. Source: http://www.cnn.com/2012/08/08/travel/horizon-air-penalty/index.html

 • A Dallas County, Texas judge declared a public health emergency in Dallas County August 9 due to the West Nile virus epidemic that has killed 9 people in the county this summer. – WFAA 8 Dallas

29. August 10, WFAA 8 Dallas – (Texas) Dallas County declares state of emergency due to West Nile. A Dallas County, Texas judge declared a public health emergency in Dallas County August 9 due to the West Nile virus epidemic. The judge instructed the Homeland Security and Emergency Management Department to file a local disaster declaration with the State. There have been 9 West Nile-related deaths in Dallas County this summer and 12 overall in North Texas. The judge organized a work session August 10 with county, State, and federal health and emergency management officials to discuss their response to the virus outbreak. Source: http://www.kvue.com/news/state/165714236.html

 • Extensive analysis on a new cyber espionage weapon dubbed “Gauss” was released August 10, stating the tool has capabilities to attack industrial control systems and steal financial data. – Help Net Security. See item 37 below in the Information Technology Sector

Details

Banking and Finance Sector

11. August 9, Associated Press – (Mississippi) 3 men indicted on credit card fraud charges. Three men were indicted on charges related to the discovery of 485 credit cards and gift cards during a traffic stop in Rankin County, Mississippi, July 1, the Associated Press reported August 9. An affidavit filed in the case by a Secret Service agent said the men were pulled over in a car with Texas plates because the car allegedly swerved over a line on the highway. The affidavit said the cards were found hidden behind the dashboard. Some of the cards had the defendants’ names on them but the magnetic strips pulled up other people’s accounts. Source: http://www.sacbee.com/2012/08/09/4710014/3-men-indicted-on-credit-card.html

12. August 9, Philadelphia Inquirer – (New Jersey; South Carolina; Georgia) 10 charged in $40 million shore, resort mortgage fraud. Ten New Jersey residents were charged in a $40 million mortgage fraud scheme involving properties and resorts in New Jersey, South Carolina, and Georgia, federal officials said August 9. A New Jersey man and some of his alleged co-conspirators sought out oceanfront condominiums overbuilt by financially distressed developers and recruited straw buyers for the properties. The plotters then created false documents that made the straw buyers appear more credit-worthy than they were, the indictment alleged. Working with brokers in on the scheme, the alleged conspirators then obtained mortgages for the properties. Source: http://www.philly.com/philly/news/20120809_10_charged_in__40_million_Shore__resort_mortgage_fraud.html

13. August 9, Wired – (New York) Goldman Sachs programmer back in court on new charges. A former programmer for Goldman Sachs who downloaded source code for the investment firm’s high-speed trading system from the company’s computers was back in New York State court on new charges that he unlawfully duplicated and used the company’s proprietary code. The programmer was re-arrested the week of July 30, according to his attorney, and was slated to be arraigned in Manhattan criminal court August 9 on State charges of “unlawful use of secret scientific material” and “unlawful duplication of computer related material.” The new charges come after the programmer defeated previous federal charges against him for theft of the code. He was convicted in 2010 under the Economic Espionage Act of 1996. But in February 2011, an appellate court reversed that conviction. Source: http://www.wired.com/threatlevel/2012/08/sergey-aleynikov-new-charges/

For another story, see item 37 below in the Information Technology Sector

Information Technology Sector

37. August 10, Help Net Security – (International) Stuxnet cousin able to attack industrial control systems. Extensive analysis on a new cyber espionage weapon dubbed “Gauss” was released August 10, stating the tool has capabilities to attack national critical infrastructure and steal financial data. Experts believe it was designed by the same source behind the state-sponsored Flame and Stuxnet cyberweapons. Gauss was discovered in June and was already found to have infected personal computers in Lebanon and other countries in the Middle East. The sophisticated malware, which not only steals system information but has a potentially dangerous “mysterious payload,” also contains a module known as “Godel,” which researchers concluded contains a weapon for attacking industrial control systems. Source: http://www.net-security.org/malware_news.php?id=2215

38. August 10, Help Net Security – (International) Blizzard confirms hack, urges users to change passwords. The chief executive officer (CEO) of Blizzard confirmed in a letter that the company’s internal network was breached the week of August 6. The “unauthorized and illegal access” was closed off, and an investigation into the matter started. It appeared that no financial information was compromised. “Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts,” the CEO said. Cryptographically scrambled versions of Battle.net passwords for players on North American servers were also taken, so players were advised to change their password. Source: http://www.net-security.org/secworld.php?id=13410

39. August 10, Softpedia – (International) NIST and Venafi highlight the risks of CA compromises. With the release of a study entitled “Preparing for and Responding to Certificate Authority Compromise and Fraudulent Certificate Issuance,” the National Institute of Standards and Technology (NIST) and Venafi are aiming to alert organizations to the risks posed by a security breach that affects certificate authorities (CAs). The bulletin, a result of the collaboration between NIST’s Information Technology Laboratory (ITL) and the EKCM solutions provider, is meant to alert and advise government and private agencies on what must be done if certificates are fraudulently issued. In the past few years, digital certificates, their issuers and private keys have become a tempting target for cyber criminals. Large organizations may use up to tens of thousands of certificates and encryption keys to secure communications, and they must be aware that misplacing any of them could have devastating consequences. To mitigate the risks posed by an incident that affects a CA, organizations must secure CAs, establish a proper inventory of all the certificates they utilize, identify certificate replacement procedures, and seek out backup sources for the rapid acquisition of new certificates. Source: http://news.softpedia.com/news/NIST-and-Venafi-Highlight-the-Risks-of-CA-Compromises-286026.shtml

40. August 10, Softpedia – (National) FBI on Reveton ransomware: We are getting dozens of complaints every day. The FBI’s Internet Crime Complaint Center has become inundated with complaints received from Internet users who have had their computers locked down by a malicious computer virus. The main actor in these incidents is the Reveton ransomware. Some variants hijack the Web camera, take a picture of the computer’s owner, and display it on the locked screen. The organization issued a warning regarding Reveton in May 2012, but the number of infections has increased considerably since then. Source: http://news.softpedia.com/news/FBI-on-Reveton-Ransomware-We-are-Getting-Dozens-of-Complaints-Every-Day-286054.shtml

41. August 9, ZDNet – (International) Adobe warns of critical holes in Reader, Acrobat. August 9, Adobe announced it would release an update for Adobe Reader (9.5.1) and Acrobat (10.1.3) and earlier versions for both Windows and Mac to fix critical security flaws. The updates will be released August 14. The flaws are rated “critical,” meaning malicious native code can be executed without a user’s knowledge. Out of the six versions of Adobe Reader and Adobe Acrobat, four have a priority rating of 2, signifying “a vulnerability that has historically been at elevated risk,” despite “no known exploits.” However, both products have versions for Windows and Mac that are at rating 1, noting that a vulnerability is “being targeted” or at a “higher risk of being targeted.” These updates should be installed within 72 hours of the security fix release. Source: http://www.zdnet.com/adobe-warns-of-critical-holes-in-reader-acrobat-7000002395/

42. August 9, Computerworld – (International) Microsoft plans patches for ‘hacker’s playground’. August 9, Microsoft said it will patch at least 14 vulnerabilities August 14, including 4 in Internet Explorer, making it 3 months in a row that the company plugged holes in its browser. Of the nine updates, five will be labeled “critical.” The other four will be pegged “important.” The most important items are the patches for Exchange, the email server software used by most companies, and SQL Server, the database that runs many corporations’ internal and external processes, including powering Web sites and providing workers with everything from business intelligence to financial information. Source: http://www.computerworld.com/s/article/9230147/Microsoft_plans_patches_for_hacker_s_playground

43. August 9, Threatpost – (International) Researcher finds technique to bypass Microsoft’s EMET protections. The Enhanced Mitigation Experience Toolkit (EMET), which Microsoft updated in July to include one of the three technologies that were finalists in the company’s BlueHat Prize competition, is designed to prevent certain kinds of exploits from targeting software vulnerabilities. However, a researcher posted two exploits he developed that can bypass the protections in the newest version of EMET. The researcher said he used an exploit for CVE-2011-1260, a flaw in Internet Explorer, to demonstrate the bypass. Source: http://threatpost.com/en_us/blogs/researcher-finds-technique-bypass-microsofts-emet-protections-080912

For another story, see item 13 above in the Banking and Finance Sector

Communications Sector

44. August 10, Youngstown Vindicator – (Ohio) AT&T confirms recent cellular outage. An AT&T spokesman confirmed that several towers and cell sites were knocked offline in the Youngstown, Ohio area August 8, the Youngstown Vindicator reported August 10. A spokesman for the communications company said AT&T had not yet found the cause of the outage, but he did say that it led to “degraded service” for some area customers most of August 8. The company’s technicians and engineers were able to resolve the problem by the afternoon of August 8. He said the outage is not common, and the incident was confined to sites in and around Youngstown. Source: http://www.vindy.com/news/2012/aug/10/atampt-confirms-recent-cellular-outage/

45. August 9, Charleston Daily Mail – (West Virginia) Thousands without Frontier service. Services were disrupted to about 3,000 Frontier Communications customers in Kanawha County, West Virginia August 8. The company notified customers by automated calls. The outage occurred when a contractor involved in a construction project at Spring and Bullitt streets cut two major underground Frontier Communications cables, knocking out service to customers from Bigley Avenue to the Mink Shoals area. The company’s communications manager for West Virginia said the cables were “significant” in size. A crew worked overnight August 8 into August 9 to repair the cable, he said. Source: http://www.dailymail.com/News/Kanawha/201208090071

For another story, see item 42 above in the Information Technology Sector