Wednesday, October 27, 2010

Complete DHS Daily Report for October 27, 2010

Daily Report

Top Stories

• According to the San Jose Mercury News, Pacific Gas & Electric (PG&E) said October 25 it has identified about 300 manual gas valves in California that may need to be replaced with speedier automatic or remotely controlled shut-off technology, at a potential cost of up to $450 million. (See item 3)

3. October 25, San Jose Mercury News – (California) PG&E says it may need 300 speedier shutoff valves. Criticized for its long delay in manually shutting off gas to the ruptured pipeline in San Bruno, California, Pacific Gas & Electric (PG&E) said October 25 it has identified about 300 manual gas valves that may need to be replaced with speedier automatic or remotely controlled shut-off technology, at a potential cost of up to $450 million. Also, while the utility said it found no immediate safety issues in a check of 16 miles of pipe in and around San Bruno after the blast that killed eight people and destroyed 35 homes, the company did find 38 leaks throughout its extensive network. Four of the leaks — one in Hollister, two in Napa, and another in Gridley — were in large transmission lines, similar to the one that erupted in San Bruno. Two of the four were in PG&E facilities. The others were in smaller pipes, many feeding gas to individual customers. The company, which expects to complete checking its entire gas system by December 15, said all of the leaks have been fixed. In its disclosures October 25, the company said the cost of replacing a manual valve with one that automatically closes after a drop in pressure from a pipe rupture or that can be remotely controlled by a human operator varies from $100,000 to $1.5 million, depending on such factors as how accessible the valve is for retrofitting. Source:

• The Dayton Daily News reports that two men were being questioned after federal agents and local officers learned the men planned to shoot up a Dayton, Ohio Veterans Affairs center, and found a rocket launcher and other weapons at an apartment. (See item 31)

31. October 25, Dayton Daily News – (Ohio) Rocket launcher recovered in alleged plot to attack Dayton VA. Two men were being questioned after federal agents and local officers learned the men planned “to show up at the Dayton, Ohio Veterans Affairs (VA) Center and basically shoot a bunch of people up,” police said October 25. Federal agents found a rocket launcher and other weapons at the Miami Bluffs, Ohio apartment of one of the men October 25, according to the Miami Township deputy police chief. A VA spokeswoman refused to comment, citing privacy regulations and the ongoing investigation. An FBI Special Agent confirmed the agency is investigating a threat made to the Dayton VA Medical Center either October 24 or 25, but he would not say how the threat was made. A deputy police chief said the men received services from the Dayton VA. “I understand them to be American citizens who were also veterans,” he said. A neighbor said he found the unloaded rocket launcher in a garbage bin when he was taking out his trash. He said he climbed into the bin and recovered the launcher. The rocket launcher, green with “U.S. Army” written on it, was not loaded. Source:


Banking and Finance Sector

12. October 26, Media Newswire – (New York) Founder of the Cobalt Companies sentenced in Manhattan federal court to 85 years in prison for $23 million real estate fraud scheme. The United States Attorney for the Southern District of New York announced that the founder of the Cobalt Companies was sentenced October 26 to 85 years in prison on charges stemming from a fraud that raised more than $23 million from over 250 investors in private placement real estate offerings. The suspect was sentenced in Manhattan federal court by a judge who presided over the 3-week jury trial at which the suspect, along with two co-defendants, was found guilty. The Manhattan U.S. Attorney said: "He (the suspect) is a career con-man who stole millions of dollars from hundreds of investors by selling worthless interests in a bogus investment offering. This office will continue to work with our partners at the Federal Bureau of Investigation to ensure that sham investment opportunities like Cobalt do not corrupt the marketplace." Source:

13. October 25, Carmi Times – (Illinois) Franklin County man admits robbing Collinsville, Marion banks. A Franklin County, Illinois man pleaded guilty October 22 in federal court in East St. Louis, Illinois to robbing banks in Collinsville and Marion. The U.S. Attorney for the Southern District of Illinois said the 34-year-old suspect pleaded guilty to a three-count indictment charging him with two counts of bank robbery, and one count of carrying and use of a firearm during a crime of violence. The statutory penalties applicable to each of the bank robbery counts are up to 25 years' imprisonment, up to a $250,000 fine, up to 5 years' supervised release, and a $100 special assessment. The statutory penalty applicable to the firearm offense is not less than 7 years' imprisonment up to life imprisonment, consecutive to the sentence imposed on the bank robbery in which the firearm was used, up to a $250,000 fine, up to 5 years' supervised release and a $100 special assessment. Source:

14. October 25, Mount Vernon News – (Ohio) Fire damages downtown building. A basement fire October 25 at 201 S. Main St. in Mount Vernon, Ohio spread throughout the building as firefighters from Knox County fought the blaze. The Mount Vernon Fire Department (MVFD) responded to a call of light smoke coming from the basement of the building on the southwest corner of South Main and West Gambier streets at approximately 6:30 a.m. According to the MVFD assistant chief, the fire started in the basement of the building, which is used for storage. A gas line ruptured, which helped fuel the fire, the fire chief said. Power on the west side of South Main was shut off. Because of the power outage and smoke throughout the downtown, many businesses have closed including the main office of First-Knox National Bank, The Alcove, and Associated Insurance. Source:

15. October 25, Kansas U.S. Attorney's Office – (Kansas) Dodge City man charged in bank robbery. Federal charges have been filed against a Dodge City, Kansas man accused of robbing a bank in Dodge City, the U.S. Attorney said October 25. The 31-year-old suspect is charged with one count of bank robbery, two counts of unlawful possession of a firearm after a felony conviction, and one count of using a firearm in a crime of violence. A criminal complaint filed Sunday in U.S. District Court in Wichita alleges that on October 21, the suspect robbed the Bank of America at 2307 Central Avenue. During the robbery, the suspect was carrying a handgun. After surveillance photos taken during the robbery were made public, police learned that the suspect was in Dodge City. On October 22, officers went to a house in the 1300 block of Sunnyside in Dodge City where the suspect was staying. The suspect was carrying a handgun when the officers encountered him in the backyard of the residence and ordered him to drop the gun. When the suspect failed to comply and tried to re-enter the house, the officers shot him. If convicted, he faces a maximum penalty of 25 years in federal prison and a fine up to $250,000 on the bank robbery charge, a maximum penalty of 10 years and a fine up to $250,000 on each count of unlawful possession of a firearm after a felony conviction, and a penalty of not less than 5 years and a fine up to $250,000 on the charge of carrying a firearm in furtherance of a crime of violence. The Dodge City Police Department, the Kansas Bureau of Investigation, and the FBI investigated. Source:

Information Technology

42. October 26, IDG News Service – (International) Dutch team up with Armenia for Bredolab botnet take down. Armenian authorities arrested a 27-year-old man October 26 on suspicion of running a large botnet that was dismantled after a unique take-down operation by Dutch law enforcement and computer security experts October 25. Dutch authorities said they seized dozens of servers used to control the Bredolab botnet, estimated to have infected millions of computers worldwide. Bredolab is a type of malicious software program that can steal login and password details, log keystrokes, and steal any data from an infected computer. The Dutch High Tech Crime Team, which is part of the National Crime Squad, began investigating the botnet over the summer, according to a press release issued October 25. The Bredolab botnet was capable of infecting up to 3 million computers per month. By the end of last year, it was estimated that 3.6 billion spam e-mails were sent out daily containing the Bredolab malware, according to the High Tech Crime Team. The Armenian man was tracked down in a joint effort between Fox IT, which is based in the Netherlands, and Dutch law enforcement. The man is suspected of renting computers that had been infected with Bredolab to cybercrime players in other countries, said the founder of Fox IT. The Armenian man had constructed a massive botnet, at one point infecting up to 29 million computers in countries including Italy, Spain, South Africa, the United States, and the U.K. Source:

43. October 26, The Register – (International) Botnet-harbouring ISPs named and shamed. The United States, Germany, and France rank as the top three countries for hosting botnet command and control servers. Countries such as China and Russia that tend to be most associated with hacking, spamming, and cybercrime rank far below Western countries in a list compiled by net security firm Damballa. For the first half of 2010, almost a quarter of botnet CnC servers were hosted by service providers in the United States, with the top three countries (United States — 23.9 percent, Germany — 17.9 percent and France — 8.6 percent) hosting more than half of all CnC servers. "Half of the servers used by cyber-criminals for the purpose of controlling their botnet empires are located in commercial hosting facilities within countries not traditionally associated with this kind of crime," writes the vice president of research at Damballa. "The ability to host a server is typically independent of where the criminals are actually located and the type of victims they are trying to capture. ISPs and hosting providers listed in the top 10 do not necessarily conduct criminal practices, but they have found themselves in a position of being 'preferred' by the criminals operating the botnets," he said. Source:

44. October 26, SC Magazine – (International) Sites ending in .com, .vn are the riskiest, McAfee finds. The .com extension has surpassed the African nation of Cameroon's .cm suffix as the most likely top-level domain to infect computers with malware, according to McAfee's third annual study of the Web's most dangerous recesses. Released October 26, the report found 56 percent of all sites labeled "risky" end in the most heavily trafficked top-level domain (TLD) extension of .com. Researchers studied 27 million Web sites as part of their analysis and determined that 6.2 percent pose a risk, up from 5.8 percent 1 year ago. Web sites registered in Vietnam ranked as the No. 1 riskiest country domain, as 29 percent of sites ending in .vn posed a security threat. Cameroon had the riskiest country TLD in 2009, but fell to the second spot in 2010. Vietnam had held the 39th spot last year. "Cybercriminals target regions where registering sites is cheap and convenient and pose the least risk of being caught," the director of research for McAfee Labs said. "A domain that's safe one year can be dangerous the next." A number of domains fell out of favor – such as .sg (Singapore), which dropped from 10th to 81st most risky — after domain managers cracked down on scam registrations, according to McAfee. Source:

45. October 26, PCWorld – (National) Firesheep's a huge hit with amateur hackers. Firesheep, an amateur hacking tool, has been downloaded more than 104,000 times a mere 24 hours after its launch, according to TechCrunch. Firesheep is a Firefox add-on programmed by a Seattle-based software developer who said he designed the extension to demonstrate the HTTP vulnerability in certain Web sites (such as Twitter, Facebook, Flickr, Tumblr, and Yelp). The extension basically allows people to view information traded over a public network, in the form of cookies — when someone logs on to one of the 26 sites in Firesheep's database, their information is vulnerable to being swiped. Because Firesheep uses information swiped from cookies, it will not reveal passwords to any snoopers — just a person's username and session number ID. So, while people might be able to see sensitive information (say, the person's Facebook account), they cannot do anything that requires the password (for example, in Amazon, they will not be able to purchase anything or access credit card information). Furthermore, Firesheep is limited to hacking people on the same network — so if one is on a password-protected network, only people on that network will potentially be able to get information. Of course, this means that one should be extra careful while on an open or public Wi-Fi network. The add-on is currently available for Mac OS X and Windows, with Linux support coming soon. Source:

46. October 26, Agence France-Presse – (International) Nobel website hacked. The Nobel Peace Prize Web site came under cyber attack from Taiwan, Norwegian telecoms operator Telenor said October 26, less than 3 weeks after jailed Chinese dissident Liu Xiaobo won the award. "The site was compromised, or as is more commonly said, 'hacked,'" the computer security director at Telenor told AFP, confirming a report in the Aftenposten daily. Visitors to the Web site risked infection by a Trojan virus. The director said the last IP address used by the hacker was at the National Chiao Tung University in Taiwan, but he cautioned that the attack may have originated elsewhere as hackers often used many computers to hide their traces. "We cannot say anything about the identity of the hacker or his motivations," he said. The Nobel Institute in Oslo said it had heard of the attack, but said the Web site was now back to normal. Source:

47. October 25, InformationWeek – (International) Workers abusing social sites on corporate networks. More than 70 percent of the traffic on corporate networks today comes from the Internet, and a sizable portion of it stems from employees’ use of Gmail, Hotmail, Facebook, and BitTorrent for personal reasons. That finding comes from a study released by next-generation firewall vendor Palo Alto Networks, based on firewall data captured in 723 organizations worldwide: 275 in North America, 207 in the Asia-Pacific region, and 241 in Europe. To provide more precise details, Palo Alto divided the personal applications it found into three categories: socializing, saying (e-mail and IM), and sharing. Altogether, these applications account for about 25 percent of the traffic seen on corporate networks. In terms of socializing, the most popular networking platforms were Facebook (95 percent), Twitter (93 percent), LinkedIn (85 percent), MySpace (79 percent), and Facebook applications (76 percent). While all social networking platforms have risks, Palo Alto said the prevalence of Facebook applications was cause for concern. "The more that enterprises download Facebook applications, the more likely they are to be attacked," said the director of EMEA marketing for Palo Alto. Relatively speaking, Facebook and its applications are bandwidth hogs, consuming 500 percent more bandwidth than the other 47 social networking applications seen combined, without even factoring in Facebook mail and chat traffic. Source:

48. October 25, InformationWeek – (National) White House unveils Internet privacy committee. The White House council on technology has formed a new subcommittee to develop principles to balance the Internet's economic opportunity with the right to privacy. The National Science and Technology Council's new subcommittee on privacy and Internet policy also will aim to synchronize the practices of federal agencies with policy being considered and developed by lawmakers, according to a White House blog post unveiling the committee. The post is attributed to the general counsel at the Department of Commerce, and an assistant attorney general at the Department of Justice, the chairs of the new panel. The subcommittee will try to develop a common Internet privacy strategy among all legislative and regulatory stakeholders, in the United States and abroad, they wrote. The panel also will work with the private sector to balance the needs of those doing business on the Internet with privacy principles or policies that are developed, as well as enforcement activity necessary to maintain them. The subcommittee is comprised of representatives from many federal departments and executive-level agencies. They include, among others: the departments of homeland security, education, energy, health and human services, state, transportation, and treasury; the Office of Management and Budget; the Office of Science and Technology Policy; and the National Security Staff Cybersecurity Directorate. Source:

Communications Sector

49. October 26, Associated Press – (South Carolina) FiberNet replacing West Virginia power station. FiberNet said it plans to replace a power-generating station in Charleston, West Virginia after the company experienced its second service interruption in October. FiberNet customers across the state lost telephone and Internet service for about 4 hours October 25. The company said it met with state public service commission officials to explain how it plans to prevent future outages. That includes replacing the power station at its central office. Another FiberNet outage occurred in at least six counties October 10. Source:

50. October 26, – (New York) Utica, New York tower accident injures three. An accident at a broadcast tower in Deerfield, New York serving the Utica market sent three tower workers to the hospital October 25. The three men were working on the tower installing a digital antenna for W59AU, the low power translator of PBS affiliate WCNY-TV/SYRACUSE, when the antenna apparently shifted and sent the three workers dropping more than 20 feet to the ground. One worker was evaluated and released, while another received severe facial injuries, and the third sustained a foot injury in the accident. The mishap canceled NBC affiliate WKTV's noon news because its building was evacuated, and WCNY's local signal was taken off the air. WCNY sister WUNY and WXUR are also on the tower. Source:

51. October 26, – (National) iPhone security flaw allows hackers to make calls even when locked. A security hole has been discovered in iPhones running iOS 4.1, which allows anyone to bypass the iPhone lock screen to make unauthorized phone calls. According to a MacForums member, the flaw can be exploited by simply tapping the emergency call button, then dialing any non-emergency number instead, and immediately tapping the lock screen, which will give the user access to the phone’s contacts app. Reports have already emerged that this method does not work with the iOS 4.2 beta, so presumably Apple already knows about it and is working on fixing it. iOS 4.2 is expected to hit supported devices in November 2010. Source:

52. October 26, Mibz – (National) Nokia N900 hacked to run native Palm Pre apps thanks to preenv. The Nokia N900 is probably the most hackable device in the world and the latest hack available for the N900 is called Preenv 0.1. This app requires one to have a rooted Nokia N900 and to activate the extras-devel packages. One will also need a rooted Palm Pre, as this enables one to port Palm Pre games on the Nokia N900. This is possible thanks to Palm and Nokia’s way of developing native apps for Linux called SDL 1.2. Another thing which helps Preenv is the similarity between the hardware of the Nokia N900 and the Palm Pre, which both have the same processor and PowerVR SGX GPU that supports OpenGL ES 2.0. Source:

53. October 25, Radio Ink – (New York; National) FCC issues $10,000 NAL to suspected pirate. The Federal Communication Commission's (FCC's) enforcement bureau has issued a $10,000 notice of apparent liability (NAL) to the operator of an unlicensed station at 90.5 FM in Spring Valley, New York. In October 2009, agents responded to a complaint and traced a signal to PC Taxi Services and PC Auto Repair in Spring Valley, and were referred to the owner. The owner then showed the agents a room where, according to the NAL, agents "observed a radio station in operation." He also led them to the roof, where an FM antenna was found, and to an attic where a transmitter was behind a stack of tires. He told the agents he was letting a friend operate the station, and turned off the transmitter at the agents' request. The bureau then sent a notice of unlicensed operation to the owner, who responded by denying he had any knowledge of the station. The bureau was not persuaded, saying, "The facts show that he had control of the station and was involved in the general conduct or management of the station." The operator has 30 days to either pay or file a written response seeking a cancellation or reduction of the forfeiture. Additionally, the Enforcement Bureau has issued a $10,000 NAL to Multicultural Broadcasting, saying WNYG/Babylon, NY's public inspection file was not available when a bureau agent inspected the station during regular hours, and that issues/programs lists were missing from the file. Source:

54. October 25, Associated Press – (New York; National) Computer trouble disrupts AP coverage for 5 hours. The Associated Press (AP) suffered a 5-hour computer outage October 25 that prevented much of its news coverage from being delivered to newspapers and other media outlets. The problems started at about 3 p.m. as the news cooperative tried to apply a security patch recommended by Microsoft Corp. The AP wanted the added protection before next week's national and state elections. To perform the security upgrade, AP switched from its main system to back-up computers and they failed, said the AP's chief information officer. Engineers tried to revert to the main system but had problems there too. The breakdown was not completely fixed until about 8 p.m. The outage shut down a news database that sends stories, photos, and video through the Web instead of satellites, which the AP had relied on for years. Most of the roughly 1,500 U.S. newspapers that receive AP's coverage have converted to the Web feed. Some of the newspapers could have fallen back on old satellite technology on their premises. The outage also affected online video customers. Source: