Monday, September 13, 2010

My apologies for the lack of a timely report! As of 3:14pm the full report has not been published. As soon as it is I will produce my summary.

Complete DHS Daily Report for September 13, 2010

Daily Report

Top Stories

•Federal investigators launched a probe September 10 into a natural gas pipeline explosion in San Bruno, California, that has killed at least six people and damaged or destroyed 170 homes, according to Dow Jones Newswires. The explosion ignited a fireball as high as 100 feet, which led to several fires that raged out of control for hours. (See item 3)

3. September 10, Dow Jones Newswires – (California) NTSB opens probe into California gas pipeline blast. Federal investigators launched a probe September 10 into a natural gas pipeline explosion in San Bruno, California, that has killed six people and damaged or destroyed 170 homes. The explosion ignited a fireball as high as 100 feet that burned for more than an hour, fed by the Pacific Gas & Electric (PG&E) Corporation gas line. The blast left behind a crater as the blaze quickly spread, whipped by high winds, to houses in several blocks near San Francisco International Airport. A number of fires raged out of control hours after the initial explosion, and parts of the affected neighborhoods looked like a war zone with several homes up in flames and debris littering the streets. The National Transportation Safety Board (NTSB) has dispatched investigators where the gas transmission line ruptured and exploded September 9. Fire officials expect the death toll to rise from six people, according to the Los Angeles Times. PG&E’s in a statement said it has isolated the damaged section of the 30-inch steel transmission pipe and stopped the flow of gas. The utility is working to make the area safe and assess the damage. The blast raises questions about the integrity of energy infrastructure in the United States and comes on the heels of other high-profile and fatal accidents, including the explosion and sinking of the Deepwater Horizon oil rig in the Gulf of Mexico and an explosion at a Massey Energy Co. coal mine in West Virgina. California’s lieutenant governor declared a state of emergency in the area. PG&E said it would cooperate with NTSB in its investigation of the blast. The utility estimates approximately 300 customers were without gas service and about 700 customers remained without electricity as of 4 a.m. local time September 10. The California Public Utilities Commission has launched an investigation and the U.S. Pipeline and Hazardous Materials Safety Administration, which regulates pipelines, is sending investigators to the site as well. Source:

•IDG News Service reports that security experts warned September 9 of a fast-spreading e-mail worm, the first large outbreak of this type in nearly a decade. See item 46 below in the Information Technology Sector.


Banking and Finance Sector

14. September 10, 7th Space Interactive – (National) Bank employee pleads guilty to role in bid-rigging and fraud conspiracies. A former employee of a national bank pled guilty to participating in bid-rigging and fraud conspiracies related to contracts for the investment of municipal bond proceeds and other municipal finance contracts, the Department of Justice announced September 10. According to proceedings in the U.S. District Court in New York City, the man engaged in separte bid-rigging and fraud conspiracies related to the provision of a type of contract, known as an investment agreement, to public entities throughout the United State, such as state, county and local governments and agencies. He also pleaded guilty to one count of wire fraud. According to the plea agreement, the man has agreed to cooperate with the ongoing investigation. Three other individuals have pleaded guilty to charges related to the investigation. Also, three former financial services executives were indicted July 27, 2010, for participating in fraud schemes and conspiracies related to the bidding for investment agreements. In October 2009, CDR Financial Products, two employees, and one former employee were charged for participating in bid-rigging and fraud conspiracies and related crimes. The CDR trial is slated to begin September 12, 2011. Source:

15. September 10, Batavia Daily News – (New York) Batavia gas station owner accused of credit card fraud. The owner of a Batavia, New York, Sunoco gas station has been accused of fraudulently using credit card information, according to a joint invesitigation by the U.S. Secret Service and the Batavia City Police Department. The man was arrested in federal court September 7 on charges of bank fraud, as well as fraud and related activity in connection with access devices. The arrest was the result of an extensive joint investigation between the two agencies. It is alleged the suspect fraudulently used credit card information belonging to more than one person, and on more than one occasion, to purchase building materials at Armor Building Supply in Batavia on several dates in 2009. Source:

16. September 10, Richmond Times-Dispatch – (National) 7 charged in Richmond in insurance-fraud case. More than 800 investors in the United States and Canada allegedly were swindled out of at least $100 million in a scheme involving life-insurance settlements. “This case involved elderly retirees and others who gave most — and in some cases, all — of their life savings and have seen it all disappear,” a U.S. Attorney said at a news conference in Richmond, Virginia. Uncovering the fraud marks the first national financial fraud case coordinated by the Virginia Financial and Securities Fraud Task Force, a partnership formed in May between federal and state investigators and regulators. The U.S. attorney’s office in Richmond charged and arrested three executives of A&O Resource Management in Houston, Texas. It also charged four others in connection with the fraud, including one who solicited investors in the Richmond area. All of the suspects are from the Houston area, and each was charged in federal court with one count of conspiracy to commit mail fraud, six counts of mail fraud, one count of conspiracy to commit money laundering, six counts of money laundering, and four counts of securities fraud. Source:

17. September 10, Associated Press – (National) Celebrity financial adviser pleads guilty in $59M scam. A financial adviser has pleaded guilty to fraud, admitting he cheated wealthy and elderly clients alike out of tens of millions of dollars. His firm, Starr & Co., managed the assets of, and provided financial planning and investment advice to high net-worth and celebrity clients. He entered the plea September 10 in Manhattan, New York, federal court. The 66-year-old adviser has been jailed since his May arrest. Prosecutors said he carried out his Ponzi-like scheme from January 2008 through April. Among other things, he paid bills for his clients, assisted them with tax filings, and recommended investments to them. In some cases, the now admitted swindler assumed total control over his clients’ financial lives by collecting their earnings, investing their savings, and paying their bills. Source:

18. September 9, Computerworld – (National) Hotel operator warns of data breach. HEI Hospitality, owner and operator of upscale hotels operating under the Marriott, Sheraton, Westin, and other monikers, has sent letters informing some 3,400 customers that their credit card data may have been compromised. The warning stems from an intrusion into point of sale systems at several HEI properties earlier this year, which could have allowed card holder data to be illegally accessed, the company said in the letter. The intrusion could have exposed to hackers a variety of information, including credit card types, credit card numbers, expiration dates, and security codes stored in the magnetic stripe on the back of each card. The intrusions occurred between March and April, and the company sent out notification letters in August. The breach appears to have stayed largely under the media radar until it was reported the week of September 6 by An HEI spokesman said September 9 that though the company has notified 3,400 customers, there is no indication so far that the credit card data has been misused. Source:

19. September 8, Atlanta Journal-Constitution – (Georgia) Bank robbery duo strikes again. Bank robbers known to sport straggly, black wigs struck again September 8 in Gwinnett County, Georgia, the FBI said. The two armed men entered a Wachovia branch in the 3000 block of Centerville Highway wearing masks. Those in the bank were forced to the floor and a single gunshot was fired into the ceiling. The duo is believed to be responsible for at least six other similar heists around the metro Atlanta area. While they often wear black wigs, the two men are also known to don masks. No one was injured, but a bank employee was transported to the hospital for observation. The men took an undisclosed amount of cash and left the bank in a Dodge Magnum, which was recovered nearby. The car previously had been reported stolen in Cobb County. One robber is described as a black male, 20-30 years old and between 5-feet-8 and 5-feet-10 inches tall. The second robber is also a black male, 20-25 years old and 6-feet tall. Source:

Information Technology

44. September 10, Poughkeepsie Journal – (New York) IBM plant releases small amount of dust. Emergency crews were called to the IBM facility in East Fishkill, New York September 9 after there was an emission of small particles into the air outside of building 330D. “There was a release of a particulate material — a dust — from the site exhaust system,” an IBM spokesman said in an e-mail. “Based on our current understanding, there was no health or environmental risks, but as a precaution we are going to have the material tested. We didn’t have to evacuate; there was no shutdown.” An IBM East Fishkill emergency control team was at the scene cleaning cars in a nearby parking lot, according to the state Department of Environmental Conservation. A DEC Region 3 spokeswoman said the emission was a small amount of fluoride and “not a reportable spill.” She said the emission occurred during the cleaning of air-control equipment. Source:

45. September 9, eWeek – (International) Microsoft plans Windows security fixes for patch Tuesday. Microsoft is planning to release nine security bulletins for September’s patch Tuesday, September 14. The bulletins are slated to address 13 vulnerabilities. Four of the bulletins carry a rating of “critical.” Among those are fixes for remote code execution bugs in Microsoft Office and Windows. The remaining five bulletins — which are all rated “important” — all affect Windows, and include both privilege escalation and remote execution issues. “I expect some of the bulletins to address DLL Hijacking issues in Microsoft’s own products, but it will be interesting to see if Microsoft will change its guidance for Hotfix KB2264107,” blogged the CTO of Qualys. “Currently it is only at the advisory level and users have to make an active decision to get protection against DLL Hijacking in 3rd party applications,” he wrote. “As last month, Windows XP SP2 users do not have any patches supplied to them, even though the majority of updates for XP SP3 most likely apply to their discontinued version of the OS as well,” he added. “Windows XP SP2 users should upgrade to SP3 as quickly as possible.” Source:

46. September 9, IDG News Service – (International) ‘Here you have’ e-mail worm spreads quickly. Security experts warned September 9 of a fast-spreading e-mail worm, the first large outbreak of this type in nearly a decade. The worm appears in e-mail messages with the subject “Here you have,” and contains what seems to be a link to an Adobe PDF file. In fact, the link takes the victim to a Web page hosted on the domain that then tries to download a screensaver (.scr) file. If the user agrees to installing that file, he is then infected by the worm, which mails itself to his e-mail contacts. The worm bogged down corporate e-mail systems September 9 as victims inadvertently spammed coworkers, overwhelming some servers. ABC News reported that the National Aeronautics and Space Administration, Comcast, AIG, Disney, Procter & Gamble, and others were hit by the outbreak. As of Thursday afternoon, the worm was undetected by most antivirus programs, according to the VirusTotal Web site. The worm is a type of malware that has not been a major problem since around 2002, according to a senior manager with Symantec Security Response. It seems to do nothing more than sent itself out, and it appeared to be affecting Outlook e-mail users. The worm also spreads by copying itself to the computers’ local drives, (C: and H:) as well as well as drives that are shared over the network, Microsoft said in an analysis of the infection. Symantec started blocking the worm at around 10:30 a.m. Pacific Time September 9 and quickly stopped 65,000 messages, according to the Symantec manager. The number soon ballooned beyond that, but the worm may now have a hard time spreading, because the malicious file on appears to have been taken down, he said. Source:

47. September 9, DarkReading – (International) New Adobe attack using stolen certificates. Adobe issued an advisory September 8 about attacks in the wild exploiting a new bug the software firm had just learned of the day before. The critical flaw affects Adobe Reader 9.3.4 and earlier for Windows, Macintosh, and Unix, and Acrobat 9.3.4 for Windows and Mac. Meanwhile, a senior antivirus researcher for Kaspersky Lab studied an attack exploiting the flaw that uses a stolen digital certificate from a credit union to sign the infected PDF file. He said as this technique takes off, it will result in more missed attacks as well as more false positives from security software. “I predict that the security industry will have more misses of these files that come with stolen signatures, or [have] more false positives. We could well be in this high false positives [trend] next year, which we haven’t seen in a while,” he said. The attack also uses return-oriented programming. It sneaks by Microsoft’s Data Execution Protection and Address Space Layout Randomization, he noted. Source:

48. September 7, IDG News Service – (International) Gmail spam bug traced to routing system update. A bug introduced during a routing system update caused Gmail to turn some users into unintentional spammers by resending some messages multiple times to increasingly annoyed recipients. The problem started on August 19 and was fixed the evening of August 25. To prevent a similar problem from happening again, Google is pledging to sharpen its monitoring of mail flow after implementing a system update, as well as to proactively test to ensure message duplication is not occurring, according to the report. The bug affected no more than 2.5 percent of Gmail users, of which Google said there are “hundreds of millions,” so the number of Gmail users hit likely ranged from hundreds of thousands to several million, not counting the impacted recipients. Source:

Communications Sector

49. September 10, LaSalle News Tribune – (Illinois) Cut cable leads to major phone outage. A phone outage in Illinois, stretching from Putnam County through far northeastern Bureau County and into Mendota lasted at least 6 hours September 9. A spokesman for Frontier Communications confirmed long-distance phone and Internet service was interrupted due to a cut fiber optic cable in Princeton. Local calls still worked in most areas, though some pockets were without any service. A Spring Valley dispatcher learned of the outage at about 10:09 a.m. The bureau emergency communications dispatch center director said the outage was discovered at about 10:20 a.m., after a line apparently was cut at North Sixth Street and Backbone Road. Frontier Communications — which now services the lines that formerly belonged to Verizon — dispatched crews to the scene. Power was restored to some area communities between 4 and 5 p.m. Source:

50. September 10, Homeland Security NewsWire – (National) How to prevent hacker-induced smart-phone paralysis. Researchers are working on a way to prevent malicious access to smartphones that would allow distributed denial of service attacks that could compromise a sufficient number of smartphones so as to knock out normal cell phone service. But such a system is nowhere near being implemented yet, leaving many smartphones vulnerable to being compromised and exploited. According to Technology Review, even if an attack of this kind never happens, the growing ubiquity of smartphones, along with the sensitive information they carry, makes it likely that exploits will continue to proliferate. That could be more than just a route to identity theft — rogue software could also slow cell phone networks in general. The solution, proposes a pair of researchers at the University of Colorado at Boulder, is to devise an effective way to check smartphones for viruses. It sounds simple, but the problem is that smartphones do not have the battery life to be constantly running onboard virus-scanning software. So the researchers propose running the virus scans on the PC to which smartphones are often connected. Source:

51. September 9, Newark Star-Ledger – (New Jersey) Verizon telephone-line outage causes communication problems. Some Morris County, New Jersey, governmental offices at the West Hanover Avenue Complex in Morris Township are experiencing significant communication problems because of a Verizon telephone-line outage that is expected to last until the evening of September 10, county officials announced September 9. Offices most impacted were the office of temporary assistance and Morris View Healthcare Center, and there also are partial outages at the division on aging, disabilities and veterans. The office of temporary assistance is able to receive new applications but will not be able to process them until next week, and also will not be able to provide electronic benefits transfer cards to access benefits. Although regular phone service also is out at Morris View Healthcare Center, the facility is fully functional and equipped with two-way radios, cell phones and e-mail for communication. The outages occurred when a tanker truck overturned on Meadow Bluff and Old Dover roads in Parsippany around 7:30 a.m. Source:

52. September 9, Orangeburg Times and Democrat – (South Carolina) Phones out in eastern Orangeburg County. Many residents in Branchville, Eutawville and Holly Hill, South Carolina, were without phone service September 9 while a fiber optic line was being repaired. Residents were unable to make long-distance or 9-1-1 calls, but may be able to make calls within their own areas. Cell phone service may also be unavailable because cell towers use fiber optic lines. The outage could last for an additional 5 hours, the Orangeburg County Emergency Operations Center said September 9. Source:

53. September 9, WBBH 2 Fort Meyers – (Florida) Copper stolen from cell phone tower. An AT&T representative reported the theft of copper wire from a communications tower on Corkscrew Road in Estero, Florida, according to Lee County Sheriff’s Office reports. The AT&T field supervisor contacted deputies after he discovered the theft September 8. He told deputies that between August 3 and September 8, someone entered the fenced compound and gained access to the communications tower. The person cut and removed three to four bundles of copper grounding wire, reports said. The bundles were two to three feet long by 2 inches wide. It will cost $10,000 to repair the damage. The fence surrounding the tower was not damaged, and the lock to the gate was still intact. Source:

54. September 9, WIVB 4 Buffalo – (New York) 97 Rock and The Edge forced to evacuate. The morning show crew at 97 Rock in Buffalo, New York, was forced to evacuate and knock off live programming because of a nearby fire. Employees were told by authorities to leave the building for their own safety. The on-air staff at 97 Rock had to figure out how to program all of the music and commercials, and tell listeners that they were leaving because of a fire in their backyard. One 97 Rock employee explained, “The window that’s in our lunch room, all you could see was orange flame, then there was an explosion, and then this funnel of black smoke where we went, ‘Okay, time to leave!’ ” Source:

55. September 9, Government Computer News – (International) A new domain signs on with DNSSEC. The .info top-level domain, the Internet’s seventh largest TLD with more than 6.5 million registered domains within it, was digitally signed September 1 to enable use of the DNS Security Extensions. The delegation signer records have been published in the DNS Root to enable validation of signatures on Domain Name Service query responses. The signing is part of an effort by Afilias Ltd. of Dublin, a provider of Internet registry and back-end services, to deploy DNSSEC to 13 additional TLDs by year end. There will be a “friends and family” period during which the signatures will be used within a handful of .info domains before it is rolled out to the entire registered population. The Domain Name System maps domain names to IP addresses and underlies nearly all Internet activities. DNSSEC enables digital signatures on DNS data and query responses so they can be authenticated with public cryptographic keys, making them harder to spoof or manipulate. This will help to combat attacks such as pharming, cache poisoning, and DNS redirection that are used to commit fraud and identity theft and to distribute malware. Source:

56. September 9, Dr. Dobb’s Journal – (International) First geometric ‘atlas’ of the Internet created. Computer scientists at the San Diego Supercomputer Center and the Cooperative Association for Internet Data Analysis at the University of California, San Diego, in collaboration with researchers at Universitat de Barcelona in Spain and the University of Cyprus, have created the first geometric “atlas” of the Internet as part of a project to prevent the world’s most ubiquitous form of communication from collapsing within the next decade or so. The researchers discovered a latent hyperbolic, or negatively curved, space hidden beneath the Internet’s topology, leading them to devise a method to create an Internet map using hyperbolic geometry. In their paper “Sustaining the Internet with Hyperbolic Mapping,” the researchers said such a map would lead to a more robust Internet routing architecture because it simplifies path-finding throughout the network. Like many experts, one of the researchers is concerned that existing Internet routing, which relies on only topological information, is not really sustainable. “It is very complicated, inefficient, and difficult to scale to the rapidly growing size of the Internet, which is now accessed by more than a billion people each day. In fact, we are already seeing parts of the Internet become intermittently unreachable, sinking into so-called black holes, which is a clear sign of instability.” Source:;jsessionid=PSIQPS53GTMORQE1GHPCKH4ATMY32JVN