Tuesday, September 25, 2012
Daily Report
Top Stories
• Firefighters put out a fire and plugged a
leak in an overturned propane tank truck that prompted the evacuation of
buildings in a 1-mile radius, and the closure of many streets in Bedminster,
Pennsylvania. – Philadelphia Inquirer
2.
September 24, Philadelphia Inquirer –
(Pennsylvania) Propane tank truck fire under control in Bucks. Firefighters
put out a fire and plugged a leak in an overturned propane tank truck that
prompted the evacuation of buildings in a 1-mile radius of the crash in a
mostly rural stretch of Bedminster, Pennsylvania, the Philadelphia Inquirer
reported September 24. It was not clear yet when evacuees would be allowed to
return to their homes and businesses and roads remained closed in the area as
crews prepared to transfer propane still in the tank to another vehicle. At
least one person was reported injured in the crash between another vehicle and
the tanker that sparked a stubborn fire on Easton Road (Route 611) near
Creamery Road. Instead of attacking the fire directly, firefighters poured
water on the propane tank to keep it cool and to prevent it from exploding.
Some units were to remain at the scene while the remaining propane was transferred
to another tank. During the operation, commanders brought in more units to
relieve firefighters, and a diesel fuel truck to refuel fire vehicles.
Buildings in the area include a Kimberton Whole Foods Store, medical offices,
and the Ottisville Volunteer Fire Co. Source: http://www.philly.com/philly/news/20120924_Flaming_propane_truck_shuts_road__prompts_evacuations.html
• Federal prosecutors announced charges
against nine more defendants in an ongoing mortgage fraud case involving more
than $100 million in loans and at least 80 homes in and around Union County,
North Carolina. – Charlotte Observer See item 13 below in the Banking and Finance Sector
• Heavy rains and flooding in Alaska forced
the evacuation of a town, washed out roads, and damaged 70 miles of train
tracks. – Associated Press
19.
September 22, Associated Press –
(Alaska) Floods bring evacuation in Alaska town. Residents of Talkeetna,
Alaska, were asked to leave because of the threat of flooding from the
rain-swollen Talkeetna River after it breached a levee west of town in two or three
places, the Associated Press reported September 22. Flooding from heavy rains
caused problems over a wide part of Alaska, from Talkeetna, near the base of
Mount McKinley, to the port town of Seward, about 150 miles to the south. Many
roads were closed or washed out, and landslides were reported. The governor
toured the area by helicopter and declared a State disaster for the areas hit
by the flooding. The flooding and high winds have interrupted passenger and
freight train traffic since September 18, said a spokeswoman for Alaska
Railroad. Trains scheduled to travel north of the Anchorage suburb of Wasilla
were canceled at least until September 24. Crews were dealing with washouts and
bridge damage in several areas along a 70-mile stretch of railway. Overnight
rain totals ranged from 0.5 inches to 1.5 inches north of Anchorage in the
Matanuska-Susitna Borough, a National Weather Service hydrologist said
September 21. The Talkeetna River was 4 feet above flood level and within a
foot of its record stage of 17.4 feet. Water covered 35 percent of Talkeetna
September 21, said the borough spokeswoman. Source: http://www.nytimes.com/2012/09/23/us/talkeetna-alaska-faces-flooding.html?_r=1
• Grocery store chain Trader Joe’s has
recalled peanut butter linked to 29 Salmonella illnesses in 18 States. – Associated
Press
24.
September 24, Associated Press –
(National) Trader Joe’s recalls peanut butter linked to Salmonella cases. Grocery
store chain Trader Joe’s recalled peanut butter linked to 29 Salmonella
illnesses in 18 States, the Associated Press reported September 24. The U.S.
Food and Drug Administration (FDA) and the Centers for Disease Control (CDC)
said the store’s Creamy Salted Valencia Peanut Butter, which is sold
nationwide, is the likely source of the outbreak. The agencies are
investigating whether any other items sold at the store could be contaminated.
The FDA issued a statement saying the FDA, the CDC, and the State of California
briefed Trader Joe’s on its investigation showing the link between the peanut
butter and the illnesses September 20; Trader Joe’s then agreed to remove the
product from store shelves. According to the individual States’ health
departments, three cases were in Massachusetts, one was in Rhode Island, and
one was in North Carolina. The CDC said people became sick June 11 to as recent
as September 2. Source: http://www.latimes.com/business/la-fi-peanut-butter-recall-20120924,0,5228064.story
• A female kitchen employee was killed and
another seriously injured in a disturbance involving an inmate while breakfast
was being prepared at Arkansas Valley Correctional Facility in Crowley,
Colorado. – Associated Press
33.
September 24, Associated Press –
(Colorado) 1 staffer killed, another injured in Colo. prison. A female
kitchen employee was killed and another seriously injured September 24 in a
disturbance involving an inmate while breakfast was being prepared at Arkansas
Valley Correctional Facility in Crowley, Colorado, a spokeswoman said. State
investigators were called to the prison to try to determine what happened.
Meals were being delivered from other facilities after the kitchen was shut down,
and the prison was placed on lockdown. Source: http://www.wect.com/story/19622431/2-staffers-injured-in-sw-colo-prison-disturbance
Details
Banking and Finance Sector
11. September
24, Financial Industry Regulatory Authority – (National) FINRA
fines Merrill Lynch $500,000 for failing to file required reports. The
Financial Industry Regulatory Authority (FINRA) announced September 24 that it
censured and fined Merrill Lynch, Pierce, Fenner & Smith Inc. $500,000 for
supervisory failures that allowed widespread deficiencies in filing hundreds of
required reports, including customer complaints, arbitration claims, and
related U4 and U5 filings, and for its failure to file the required reports.
The violations, which went undetected for years, may have hampered investors’
ability to assess the background of certain brokers via BrokerCheck, FINRA’s
public disclosure program. They also may have compromised firms’ ability to
conduct background checks when making hiring decisions, reduced the ability of
securities regulators to review brokers’ transfer applications, and hindered
FINRA from promptly investigating certain disclosure items. Merill Lynch failed
to file or timely file required report, complains, and settlements, and failed
to adequately train and supervise personnel responsible for complaint tracking
and reporting. Source:
g/Newsroom/NewsReleases/2012/P177007?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+FINRANews+(FINRA+News)&utm_content=Google+Reader
12. September
23, Associated Press – (National) Justice Dept to highlight investment fraud scams. With
investment fraud cases piling up in the weak economy, the U.S. Justice
Department (DOJ) is holding summits around the country to warn investors about
the scams, which are often carried out by people with personal ties to the
victims, the Associated Press reported September 23. The first regional
conference is set for October 1 in Connecticut, where federal prosecutors have
announced several fraud cases in September, including that of a man who cheated
clients from his church. Summits are also planned for later October in
Cleveland, Nashville, Miami, Denver, and San Francisco. Nationwide, federal
prosecutors looking at investment cases from the last 2 years identified 500
prosecutions that targeted 800 defendants and involved more than $20 billion in
fraud, a U.S. attorney said. The northeastern summit, hosted by the DOJ as well
as the Securities and Exchange Commission, will bring together officials from
agencies including the FBI as well as top federal prosecutors from neighboring
States at the Stamford campus of the University of Connecticut. Topics to be
addressed include case studies and the perspective of fraud victims. Source: http://www.google.com/hostednews/ap/article/ALeqM5iQyVrPqzBZyH7yA_CrUc_FTXcg5A?docId=33e7e50f1f8145d5aba40fcc17d43880
13. September
21, Charlotte Observer – (North Carolina) Nine more charged in
mortgage scheme. Federal prosecutors announced charges September 21 against
nine more defendants in an ongoing mortgage fraud case involving more than $100
million in loans and at least 80 homes in and around Union County, North
Carolina. The U.S. Attorney’s Office for the Western District of North Carolina
charged six people with mortgage fraud, bank bribery, money laundering, and
wire fraud. Three more defendants agreed to plead guilty. Prosecutors have
charged 50 defendants to date. The charges were part of a long-running investigation
known as Operation Wax House that targeted a mortgage fraud cell operating from
2006-2007 in Union and Mecklenburg counties. Defendants involved included
promoters, mortgage brokers, lawyers, real estate agents, builders, and
homebuyers. There was also a bank bribery conspiracy, involving a bank insider
who provided false verifications of deposits. Those involved in the alleged
fraud agreed with sellers that they would buy a new house at its true price.
They then worked with buyers, who would pretend to have the assets to buy the
homes, to take out a loan to buy the house from them at an inflated value,
generally $200,000 to $500,000 over its actual value. At closing, the
participants in the scheme would split the difference. Source: http://www.charlotteobserver.com/2012/09/21/3547589/nine-more-charged-in-mortgage.html
14. September
21, U.S Attorneys Office; Federal Bureau of Investigation; Internal Revenue
Service – (Massachusetts) Former Needham real estate attorney convicted
of mortgage fraud. An attorney formerly operating a real estate practice in
Needham, Massachusetts, was convicted September 20 in federal court on 38
counts of wire fraud and money laundering in connection with $4.9 million in
fraudulent mortgage loans. Evidence presented at trial showed that in December
2006 and January 2007, the attorney participated in a scheme to defraud 6
mortgage lenders in connection for the purchases of 24 condominium units in the
Dorchester community in Boston. The evidence showed that when he and an
associate acting under his direction closed the loans, documents sent to the
mortgage lenders falsely represented that funds had been collected at the closings
from borrowers when in fact borrowers made no down payments and paid no funds.
The attorney entered into an undisclosed agreement with the seller to subtract
from the seller’s proceeds all the funds reported to the lenders as coming from
the borrowers, and he used various other means to conceal from the lenders that
the borrowers had provided no funds for the purchases. Source: http://www.wickedlocal.com/needham/news/x670725293/Former-Needham-real-estate-attorney-convicted-of-mortgage-fraud#axzz27PFKqD3v
15. September
20, Wall Street Journal – (Nevada; International) U.S. regulators
concerned about Vegas bets on Chinese VIPs. U.S. regulators are worried
about a Macau-based foreign tour industry they say exposes Las Vegas to money
laundering, the Wall Street Journal reported September 20. The paper reported
how some Chinese high-roller gamblers use ―junkets,‖ as foreign-tour operators
are known, to get around a requirement that Chinese residents only take $50,000
in currency abroad a year. U.S. casinos are increasing their bets on the
business, much to the concern of regulators worried that junket operators are
bringing new money laundering methods to Las Vegas. The U.S. Treasury
Department’s Financial Crime Enforcement Network (FinCEN) issued a Web alert in
August to casinos advising them to monitor junket operations and junket patrons
and report ―all available information‖ on any suspicious activity. Some junket
industry activity on FinCEN’s radar includes obscuring the source of their
funding, the method for transferring it to high rollers, and the identities of
the gamblers themselves. Source: http://blogs.wsj.com/corruption-currents/2012/09/20/u-s-regulators-concerned-about-vegas-bets-on-chinese-vips/
Information Technology Sector
38. September
24, SC Magazine Australia – (International) Hacktivism skews
security trend analysis. The re-emergence of the hacktivist movement
appears to have caused complications for those in the information security
industry charged with data breach trend analysis. There has been a series of
massive data breaches over the last 16 months — each of which compromised more
than 1 million identities. During the same time, much smaller incidents
occurred in which only a handful of records were stolen. CQR Consulting’s chief
technology officer said in July that the Anonymous hacking collective ―tend[ed]
to find the vulnerable sites first, and justify their actions afterwards.‖ The
Symantec’s August Intelligence Report reflected the skewed results in a
comparison of the first 8 months of 2012 against the last 8 months of 2011,
covering what the company said was the revival of the hacktivist AntiSec
(anti-security) campaign. Source: http://www.scmagazine.com.au/News/316698,hacktivism-skews-security-trend-analysis.aspx
39. September
24, The Register – (International) Google Go language gets used: For
file-scrambling trojan, though. Virus writers are experimenting with
Google’s Go as a programming language for malware. The Encriyoko trojan uses
components written in Go, a compiled language developed by the search company.
Go was originally developed by Google in 2009. Once installed on a Microsoft
Windows PC, the trojan attempts to use the Blowfish algorithm to encrypt all
files matching various criteria including particular document types and a range
of file sizes. The key used to encrypt the data is either pulled from a
particular file on the D: drive or is randomly generated. This renders the data
useless to its owner if the cipher cannot be recovered. The malware is
circulating in the wild, and disguises itself as a tool to ―root‖ Samsung
Galaxy smartphones. Source: http://www.theregister.co.uk/2012/09/24/google_go_trojan/
40. September
23, Computerworld – (International) Clues, experts say Microsoft knew of IE
zero-day for weeks before patching. Microsoft may have known about the
recent zero-day bug in Internet Explorer (IE) from for some time, according to
its security advisory. The vulnerability, which was patched September 21 in an
emergency, or ―out-of-band,‖ update, first became public September 15 when a
researcher found an exploit on a known hacker server. The news prompted
Microsoft to create a blocking tool within 3 days, then a fix for the flaw 3
days later. However, the company’s security team likely knew of the bug long
before that. Source: http://www.computerworld.com/s/article/9231620/Clues_experts_say_Microsoft_knew_of_IE_zero_day_for_weeks_before_patching
41. September
22, The Register – (International) Microsoft issues IE 10 Flash flaw fix for
Windows 8. Soon after an update that fixed the recent zero-day flaw
discovered in Internet Explorer (IE) versions 7, 8, and 9, Microsoft released a
separate patch that solves issues related to the Adobe Flash Player component
of IE 10. The current Flash vulnerabilities only affect IE 10 running on
Windows 8 and Windows 2012 server, meaning most Windows users are not
vulnerable. However, although Microsoft’s latest operating systems have yet to
ship to retail customers, they are already available to volume licensees and
subscribers to Microsoft’s MSDN and TechNet programs. Source: http://www.theregister.co.uk/2012/09/22/win8_ie10_flash_fix/
42. September
21, The H – (International) Brute-force attack on Oracle passwords
feasible. A security researcher provided details on vulnerabilities in the
authentication protocol of Oracle’s database that he originally discovered in
2010. The researcher, from security specialist AppSec, presented his findings
and the methods by which they can be exploited at the ekoparty Security
Conference in Buenos Aires, Brazil. Although Oracle closed the hole with the
11.2.0.3 patch set, which introduced the new version 12 of the protocol in
mid-2011, the researcher said there has been no fix for versions 11.1 and 11.2
of the database because the update was never included in any of Oracle’s
regular ―critical patch updates.‖ Source: http://www.h-online.com/security/news/item/Brute-force-attack-on-Oracle-passwords-feasible-1714357.html
Communications Sector
See
item 39 above in the Information Technology Sector
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.