Thursday, September 16, 2010

Complete DHS Daily Report for September 16, 2010

Daily Report

Top Stories

• According to Associated Press, an explosion and flash fire September 14 at a plant in Toone, Tennessee that makes flares for the military injured six people, three of them critically, authorities said. (See item 15)

15. September 14, Associated Press – (Tennessee) 6 injured in explosion at Tenn. flare plant. An explosion and flash fire September 14 at a plant in Toone, Tennessee that makes flares for the military injured six people, three of them critically, authorities said. The explosion at Kilgore Flares Co. was reported just before noon. A Memphis hospital reported that three people were brought there in critical condition and a smaller hospital in Bolivar reported that three people there were in good condition. The fire apparently was contained to one building, which was heavily damaged. The company Web site said Kilgore supplies infrared decoy flares to counter the threat of guided missiles. The company announced earlier this year a $22.5 million Department of Defense order for flares for B-52 aircraft. A worker at the Kilgore plant was killed during a flash fire and explosion in April 2001. Source:

• KXTV 10 reports that the U.S. Army Corps of Engineers September 14 announced inspection results that found 10 levee systems in the Sacramento, California area were minimally acceptable or unacceptable, and rife with problems, ranging from erosion to encroachments. (See item 61)

61. September 14, KXTV 10 Sacramento – (California) Army Corps of Engineers inspects Sacramento region levees. The U.S. Army Corps of Engineers September 14 announced results of inspections it supervised on some Sacramento, California, area levees and the findings were not positive. Using $4.6 million in federal stimulus funds, the Corps hired engineering firms to inspect 10 levee systems in the Sacramento, Stockton, Yuba City, and Marysville areas for safety. The levees were rated as either minimally acceptable or unacceptable. Problems ranged from encroachments (unapproved or improper use of levee property), erosion, slope stability, seepage, and animal control. “There are issues that we have rated unacceptable and determined they are likely to prevent the system from performing as intended,” said a U.S. Army Corps of Engineers spokeswoman. The Corps looked at levees in the most at-risk areas first. Inspections of levees in Colusa, West Sacramento and Stockton were ongoing and expected to be completed this coming winter. The inspections focused largely on issues like vegetation on levee banks, erosion, or levee slopes that are unstable. In response to the report, the California Department of Water Resources director said his agency would continue to work with the Corps to address flood risk. The Corps has scheduled inspections of 16 other levee systems. Source:


Banking and Finance Sector

17. September 15, Bloomberg – (National) JPMorgan web site fails again, late fees to be waived. JPMorgan Chase & Co., whose Web site failed September 15, the second failure this week, will refund late fees and help fix other problems for 16.6 million online customers unable to access their accounts. The site went down late September 13 and service was restored around 1 a.m. New York time September 15. The system failed again several hours later. The problem is a software glitch and customers’ accounts aren’t at risk, a company spokeswoman said in an interview. Customers trying to use the site see an error message that reads, “Our website is temporarily unavailable. We’re working quickly to restore access.” The bank’s primary regulator in Washington D.C. was on alert when the service failed the first time. “We monitored this situation very closely,” a spokesman for the Office of the Comptroller of the Currency said. JPMorgan’s active online customers have increased by an average annual rate of 42 percent since 2006, according to a September 14 presentation to investors by the firm’s chief executive officer. More than 3.7 million households use JPMorgan’s online Web site to pay their bills. “Online customers should contact Chase telephone banking ... or visit a branch to correct late fees that were incurred during the outage,” a company spokeswoman said in an e-mail. JPMorgan will also refund late fees charged by other institutions, she said. The length of the outage raises operational risk and internal control issues for the bank, which was the only major Wall Street firm to make it through the financial crisis without posting quarterly losses, said a former analyst for the Federal Reserve Bank of New York and co-founder of Institutional Risk Analytics in Torrance, California. “These systems are big and complex, but they should have redundancy to take the ‘A’ system offline if need be for hours at least,” he said. Source:

18. September 15, Agence Press France – (International) N. Ireland dissidents threaten to attack bankers. A dissident republican terror group in Northern Ireland threatened September 15 to target banks and bankers as it seeks to destabilize the peace process, in comments to a newspaper. The Real IRA launched a tirade at financial institutions in Great Britain’s “colonial and capitalist” system, which it accused of leaving millions of victims, in remarks to Britain’s Guardian daily. The threat is the latest attempt by the group, which formed after breaking away from the Provisional IRA when the latter was engaging in peace talks, to undermine British rule of the province. “We have a track record of attacking high-profile economic targets and financial institutions such as the City of London,” said the group’s leaders in a series of written responses to the paper. “The role of bankers and the institutions they serve in financing Britain’s colonial and capitalist system has not gone unnoticed. Let’s not forget that the bankers are the next-door neighbors of the politicians.” But security sources in the British province played down the threat. They stressed that the Real IRA lacks the logistical resources of the Provisional IRA to carry out a bombing campaign similar to the ones that hit London in the early 1990s. Source:

19. September 14, Reuters – (National) N.J. woman pleads guilty in $45 million Ponzi scheme. On September 14, a New Jersey woman pleaded guilty to running a $45 million Ponzi scheme in which she promised to invest money in real estate, but instead gambled some of it at casinos. Federal prosecutors said the 58-year-old suspect pleaded guilty to one count of wire fraud and one count of conspiracy before a U.S. magistrate judge in federal court in Manhattan, New York. She had been charged in June. She is expected to be sentenced to between 51 and 63 months in prison, and fined as much as $1 million. The Montclair resident also agreed to forfeit $5 million, her stake in 24 properties she bought as part of the scheme, and a Dunkin’ Donuts franchise in Arizona, prosecutors said. Prosecutors accused the suspect of soliciting $45 million from more than 20 New York and New Jersey investors between 2006 and December 2009, promising to use the money to buy or renovate residential real estate properties for eventual resale. They said she instead spent only $6 million on real estate, and used most of the rest to repay earlier investors. Source:

20. September 14, Biloxi-Gulfport Sun Herald – (Mississippi) Hancock Bank employee indicted on fraud charge. A third Hancock Bank employee has been indicted on federal charges of bank fraud, this time accused of executing a scheme to defraud the bank of an undisclosed amount of money at the Petal, Mississippi branch, according to federal court records. The suspect was indicted in January, though all of the details in the original indictment remain under seal. In the redacted indictment, she is accused of stealing from the bank between July 31, 2006, and June 24, 2009. She has pleaded guilty. The suspect was a financial services associate. She’s been fired and is free on a $25,000 unsecured bond. Her sentencing, initially set for July 15, was postponed after the government filed a motion saying Hancock officials have since discovered what appears to be “additional fraud” involving the suspect. She is now the third former Hancock employee indicted on fraud charges. In an unrelated case, the former branch operations manager at Hancock’s Ocean Springs main branch, and a former bank teller there, have pleaded guilty in a scheme to steal more than $2 million over more than 20 years, ending in July 2009. The thefts in that case started around 1982, when the pair started working side-by-side as tellers. The two, along with two other unnamed co-conspirators, reportedly stole money from the accounts of elderly people they had befriended. An independent audit showed $2,386,451.84 stolen from customer accounts between 1995 and July 2009. There were no records before 1995, so the amount embezzled from early 1980 to 1995 is unknown. All 44 of the victims were between the ages of 71 and 102. Source:

Information Technology

44. September 14, Computerworld – (International) Mozilla halts Firefox security updates. Mozilla has stopped providing security updates to Firefox users as it investigates a bug that caused computers to crash last week. A Computerworld blogger first reported on the problem September 5 after he tried to update older editions of Firefox on several different machines. When he asked Firefox 3.5.11, 3.6.3 and 3.6.8 if there was an update, the browsers told him no newer editions were available. Firefox’s up-to-date versions are 3.5.12 and 3.6.9, which Mozilla released 1 week ago when it patched 15 vulnerabilities, 11 of them labeled “critical.” Computerworld staffers reproduced the issue when they tried to update a copy of Firefox 3.6.6 on Windows Vista and Firefox 3.6.8 on a Mac. Normally, older versions of Firefox will automatically receive an update within 24-48 hours after it’s released, or when the user manually selects “Check for Updates” from the Help menu. On September 13, Mozilla said it has stopped offering Firefox 3.5.12 and 3.6.9 because of a bug that crashed some users’ machines after they’d updated, then restarted the browser. Source:

45. September 14, Help Net Security – (National) Debunking the email privacy myth. E-mail communications are inherently risky, and information transmitted by e-mail, including sensitive data and business-critical transactions, is more vulnerable than most users realize. “The reality is that anyone with access to a switch, router or hub between your outbox and your recipient’s inbox can read your unprotected e-mail,” said SECNAP’s CTO. “That could be your IT guy, or it could be hackers. To ensure information privacy, it’s vital that all parts of an e-mail and its attachments be encrypted from Point A to Point B, and everywhere in between. And that encryption has to work on smartphones, too.” Using a variety of smartphones for both their business and personal communications, executives and professionals regularly share confidential information over highly risky channels. Most are willing to sacrifice e-mail security and information privacy for the benefits of speed and convenience. “That’s a bad idea,” said the CTO. “Cyberspace is filled with individuals constantly on the hunt for information to exploit, and the easier it is, the more vulnerable you are.” A growing body of regulation in the United States requires organizations to safeguard the personally identifiable information (PII) of their customers, patients, vendors, students, employees, investors, and other stakeholders. Specific e-mail encryption requirements are now included in HITECH, HIPAA and GLBA regulations, and at least two states have also mandated encryption as a privacy measure. Source:

46. September 14, The Register – (International) Microsoft closes hole used to attack industrial plants. Microsoft has credited security partners at Kaspersky Lab and Symantec for helping to close a critical Windows vulnerability that was being exploited by a sophisticated worm that has attacked industrial plants around the world. The bug in the Windows Print Spooler, which was one of at least 11 vulnerabilities Microsoft patched September 14, was under active attack by the Stuxnet worm, a sophisticated piece of malware that penetrated factories and other industrial plants. While it exploited a recently patched bug to infect PCs, it then attacked the print spooler bug and two other flaws to spread to new machines on local networks. A senior program manager for the Microsoft Security Response Center said the worm was so complicated that his team benefited from the analysis of outside researchers, who he said provided invaluable help in understanding how it worked. Both Kaspersky and Symantec are members of MAPP, short for the Microsoft Active Protections Program, under which about 70 partners share information about known vulnerabilities before they are made public. The advanced details allow members to develop signatures for anti-virus software and intrusion prevention systems and to pool research. The flawed print spooler, which does not correctly validate user permissions, allows remote attackers to take complete control of Windows systems. It is rated critical on Windows XP because the operating system enables a guest account for anonymous users by default. It is rated important on more recent Windows versions because users must manually set them up. Once Stuxnet gained a foothold on a network, it exploited the vulnerability to spread to additional machines. It also used two additional Windows vulnerabilities that Microsoft has yet to patch. Company representatives declined to provide details about them – other than to say they allowed attackers to elevate system privileges – pending a patch. According to IDG News, Stuxnet has infected 14 plants. Source:

47. September 14, The H Security – (International) Web sites distribute malware via hacked OpenX servers. The vulnerability in the free OpenX ad server made public September 13 is already being actively exploited to distribute malware. According to press reports, a server that provides The Pirate Bay with ad banners was hacked, but browsers that use Google’s Safe Browsing API to reach the site are warned that it has dangerous content. A similar thing happened to the humoristic site, and the entertainment portal AfterDawn’s OpenX AdServer also fell victim to an attack. In the latter case, only a few files were damaged, preventing ads from being sent out altogether. According to the OpenX project, DDoS attacks have also since occurred on the Web server, the blog, and the forum. Nonetheless, all of the services are currently still reachable. It is not clear why these attacks are taking place. At present, there is no warning on the project’s Web site or at the OpenX blog about the vulnerability in the software. The problem is the result of a component integrated in OpenX’s video plug-in, from a third party, which allows images to be uploaded. In December 2009, the module “ofc_upload_image.php” was introduced, and it does not check who is uploading what to the server. As a result, executable scripts can be saved and executed on the server. Source:

48. September 14, Yahoo News – (International) Jailbreak iOS 4.1: Hackers quickly find an exploit for 4.1. Hours after Apple released its iOS 4.1 update, coders have identified an exploit in the operating system’s boot ROM. First announced by iPhone Dev-Team member pod2g on Twitter, it has since been confirmed by other hackers. Usually, Apple moves pretty quickly to close loopholes to prevent jailbreaking. But that is because previous jailbreak holes usually exploited bugs in the operating system. Apple engineers could shut down the jailbreak with a simple software update. This exploit, however, is boot ROM-based, and targets such a low-level part of the OS that Apple would have to make significant changes in the hardware to stop it. As the odds of Apple recalling all sold units and replacing them are nil, this hack would probably work on any iDevice shipped since November, whether that’s the iPhone 4, iPhone 3GS, iPad, or the fourth-gen iPod Touch. In an ironic twist, it appears the vulnerable boot ROM was introduced in order to shut down an earlier exploit on the iPhone 3GS. There were rumors 1 month ago about Apple stealthily adding a nonconductive coating to the metal band on the sides of the iPhone 4 to fix the antenna’s death-grip problem. Apple will probably do the same, quietly changing the hardware to close the exploit. But any device manufactured before September 14 will be fair game. Source:

49. September 14, DarkReading – (International) ‘App store for exploits’ could reduce enterprise vulnerabilities. A proposed free market for the buying and selling of attacks that exploit specific software vulnerabilities sounds more like a threat than a security aid. Yet the brainchild of security testing firm NSS Labs could just be what the doctor ordered to help enterprises eliminate their vulnerabilities, security experts said. The “app store for exploits” would allow security researchers and developers to sell validated exploits to known security professionals. NSS Labs plans to test every exploit in the marketplace to make sure each one works and does not carry malicious code. In addition, the company will check every buyer to prevent criminals from using the marketplace to fuel their own activities. The exploits will be in a standard format, making it easier for them to be added to the Metasploit Framework, and only attacks on previously reported vulnerabilities will be allowed. “We are not selling zero-days — this is not the Pirate Bay,” said the president of NSS Labs. “One of the key things we are offering in our scenario here is that all of the exploits that go into the store will be validated.” For enterprise security teams, this new, darker analog to Apple’s App Store could help immensely, said one security specialist at a Fortune 100 firm, who spoke on condition of anonymity. “It is putting some parity on the playing field between the bad guys and the good guys,” the security specialist said. “The bad guys have had this sort of capability for a while, and now the good guys can have it as well.” Source:

50. September 14, Help Net Security – (International) Growing dangers of digital music and movies. A growing number of cyber threats are associated with the popularity of online music and videos, according to a McAfee report. Researchers found that adding the word “free” to searches increases the risk of landing on a malicious site. McAfee also revealed that cybercriminals hide malicious content in music and movie-related sites, and even fan club sites. In recent years, as consumers have increasingly watched video or downloaded music online, cybercriminals have shifted their attacks to include more dangerous Web sites, malicious ads and video viewing tools. According to comScore, more than 177 million U.S. Internet users watched online video in June, up from 157 million 1 year ago. As downloading of digital content has increased, so have the dangers associated with it. The research found that adding the word “free” to a search for music ringtones resulted in a 300 percent increase in the riskiness of sites returned by major search engines in English. The word “free” in other languages yielded similar results. Searching for “MP3s” added risk to music search results, while searching for “free MP3s” made those searches even riskier. Even when a consumer indicated that they wanted to pay for the MP3 in their search, results still sent them to pirated content. McAfee also discovered thousands of malicious and highly suspicious URLs associated with fan clubs or comments made on social media sites, such as YouTube and Twitter. Source:

For another story, see item 17 above in the Banking and Finance Sector

Communications Sector

51. September 15, Decatur Daily – (Alabama) S.W. Decatur phone outage to last for days. An AT&T contractor cut two major phone lines September 13 that have left parts of Southwest Decatur, Alabama, including Brookhaven Middle School, without phone service. An AT&T Alabama spokeswoman said the loss of phone service, and possibly some Internet service, should last about 3 days. The outage covers the Brookhaven neighborhood between Eighth and 14th streets, and Danville Road and Central Parkway in Southwest Decatur. She said the contractor was placing additional fiber to expand the company’s network at Fourth Avenue and Eighth Street Southwest. The cut occurred September 13 at about 1:30 p.m. Brookhaven’s assistant principal said school administrators have cell phones if they need to call out. Source:,68281

52. September 14, Anderson Independent-Mail – (South Carolina) Phone service interrupted in parts of Abbeville County, later restored. Service for phone numbers with the prefix 459 was out of order for several hours in some areas of Abbeville County, South Carolina, September 14. The service was restored at 5:17 p.m., a communications specialist for the South Carolina Emergency Alert System said. The system does not know what caused the problem, he said. Source:

53. September 14, Telecommunications Online – (International) Japan launches first GPS satellite. Mitsubishi Heavy Industries and the Japan Aerospace Exploration Agency (JAXA) launched the “MICHIBIKI” satellite, Japan’s first GPS satellite, at 8:17pm (JST) September 11 from the Tanegashima Space Center. According to a release from JAXA, the launch went smoothly and, at approximately 28 minutes and 27 seconds after liftoff, the separation of the MICHIBIKI from the H-IIA Launch Vehicle was confirmed. This is the first in a series of three satellite launches that will provide improved navigation signals for all of the Japanese islands. Like a number of countries, including Russia and China, Japan is hoping to reduce or eliminate its reliance on the NAVSTAR GPS network, controlled by the United States. Similar launches are already planned in Russia, China, and India. Source: