Wednesday, November 10, 2010

Complete DHS Daily Report for November 10, 2010

Daily Report

Top Stories

• The San Francisco Chronicle reports that chemically laced drinking water that has plagued Hinkley, California has continued to spread despite a long-standing order for Pacific Gas and Electric Co. (PG&E) to clean up the mess. (See item 35)

35. November 8, San Francisco Chronicle – (California) Hinkley water tainted by chromium 6 spreading. The creeping plume of chemically laced drinking water that plagued the Mojave Desert town of Hinkley, California, and led to the major motion picture “Erin Brockovich” about the scandal, has continued to spread despite a long-standing order for Pacific Gas and Electric Co. (PG&E) to clean up the mess. Higher than normal levels of cancer-causing hexavalent chromium, or chromium 6, have been detected over the past year in groundwater more than a half-mile beyond the previous boundary of contamination in the San Bernardino County farming community, water quality regulators revealed the week of November 1. PG&E representatives said the levels of chromium 6 in the new location were never above California’s safe drinking water standard and have recently been reduced to natural background levels. The senior engineering geologist for the Lahontan Regional Water Quality Control Board, which oversees the Hinkley area, issued a cleanup and abatement order in August 2008, instructing PG&E to stop the expansion of the underground chromium plume by December 31 of that year. The plume nevertheless continued spreading, she said.. It is now 2.6 miles long and 1.3 miles wide, and extends 0.6 miles farther northeast than it did 2 years ago, The geologist said chromium has been found in what she called “the lower aquifer,” an area of groundwater separated from the upper aquifer by a layer of clay. “This is important,” she said, “because the pollution originally affected only the upper aquifer, and a lot of the domestic wells were tapped into the lower aquifer because it was believed to be uncontaminated.” Source:

• A new study found that despite spending $6 billion annually on data breaches of patient information, most hospitals have not made protecting patient data a priority, according to Healthcare IT News. (See item 39)

39. November 8, Healthcare IT News – (National) Hospitals ‘struggling’ to protect patient data. The healthcare industry is spending an estimated $6 billion annually on data breaches of patient information, according to the latest benchmark study by Ponemon Institute. On November 9, the Ponemon Institute and ID Experts released Benchmark Study on Patient Privacy and Data Security. The study indicated that protecting patient data is a low priority for hospitals, and that organizations have little confidence in their ability to secure patient records. Among the findings, researchers found that the cost of a data breach over a 2-year period is approximately $2 million per organization, and the lifetime value of a lost patient is $107,580. The average organization had 2.4 data breach incidents over the past 2 years. The researchers also found that 70 percent of hospitals stated that protecting patient data is not a top priority, and that patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft. A majority of organizations have less than two staff dedicated to data protection management (67 percent). Source:


Banking and Finance Sector

12. November 9, Chicago SouthtownStar – (Illinois) Acid threat used in bank heist. Police said the November 6 robbery of a TCF Bank in Chicago, Illinois where a robber threatened a bank teller with acid follows a rash of similar crimes against the bank chain. The robbery occurred about 10:30 a.m at a TCF branch at 3220 Chicago Road, police said. According to officials, a man walked up to a teller and claimed he had a container of acid inside his coat. He said he wanted only $100 bills and threatened to toss the acid on the teller if she sounded any alarm, police said. No one saw a container with acid. The teller said she had no money and notified the manager, police said. He approached the robber, who reiterated his threat. The manager grabbed a handful of cash from a drawer and gave it to the robber, who exited and jogged north until he disappeared into a crowd. Police said the robber, who got away with about $600, appeared to be about 50-years-old. He was wearing a white shirt, a light-colored jacket, glasses, and a black knit hat. The crime took only 2 to 3 minutes, police said. Source:,110910schihtsbankrobbery.article

13. November 8, The Register – (International) Bank insiders charged in ZeuS cybercrime smackdown. Six corrupt bank insiders turned ZeuS money mule suspects have been arrested in Moldova. All half dozen of the suspects worked in local banks in the east European country. Investigators believe the suspects specialized in laundering Western Union and MoneyGram payments received from co-conspirators in Western nations that can ultimately be traced back to compromised corporate and personal bank accounts. The arrests in Moldova follow charges against alleged members of a massive cybercrime ring estimated to have raked in up to $70 million by using the ZeuS banking Trojan to steal online banking log-in credentials and loot accounts. Further arrests may follow in Moldova and elsewhere, a Washington Post staffer turned security blogger reports. Source:

14. November 8, WDIV 4 Detroit – (Michigan) Ann Arbor bank evacuated briefly Monday. A Comerica Bank branch in Ann Arbor, Michigan, was evacuated briefly November 8 when a suspicious tube with an unidentified liquid was found on a counter, police said. Police said the bank was evacuated at about noon after an employee reported finding a clear tube wrapped with masking tape and paper clips. Police said the bank was evacuated as a precaution. They said there were no threats made and no injuries. The substance inside the tube was determined to be rubbing alcohol. Source:

15. November 8, KCSG 14 St. George – (Nevada; Utah) St George police arrest Mesquite bank robbery suspect. A 33 year-old suspect from Akron, Ohio, was arrested by St. George police November 8 at the Greyhound bus depot in St. George, Utah, and charged with armed robbery of the Nevada State Bank at 350 Sandhill Boulevard in Mesquite, Nevada November 5. A Mesquite Police Department public information officer said Mesquite police detectives identified the suspect after reviewing bank surveillance video and promptly issued an arrested warrant. A manhunt by Mesquite police and FBI agents assisted by the Las Vegas Metropolitan Police Department helicopter combed the Mesquite area. Mesquite detectives acting on leads they has developed alerted St. George police that the suspect might be on a Greyhound headed north. St. George police located the suspect at the Greyhound bus stop where he was taken into custody without incident. Source:

16. November 8, Mount Helix Patch – (California) Police arrest suspect in Spring Valley bank robbery. The FBI announced the arrest of a 36-year-old suspect in the November 4 robbery of Bank of the West in Casa de Oro-Mount Helix, California. A complaint was filed in U.S. district court November 5 charging the suspect with one count of bank robbery. The complaint said the suspect slipped a male teller a demand note that stated, “This is a robbery.” After receiving an undisclosed amount of money, the suspect left. He was picked up by a San Diego County sheriff’s deputy about 2 hours later in the parking lot of Shadow Point Apartments on Dale Avenue. Based on a description, the patrolling deputy approached the suspect and gained consent to search his wallet, which contained a large amount of cash. The deputy detained the suspect. After further investigation by the FBI and local law enforcement, the suspect was arrested. The FBI reported he eventually confessed to robbing the bank. Source:

Information Technology

53. November 9, IDG News Service – (International) iPhone’s Safari dials calls without warning, says security expert. A security researcher is asserting that Apple has made a poor security decision by allowing its Safari browser to honor requests from third-party applications to perform actions such as making a phone call without warning a user. Safari, like other browsers, can launch other applications to handle certain URL protocols. These might be in clickable links, or in embedded iframes. An iframe containing a URL with a telephone number, for example, will cause Safari to ask if the user wants to make a phone call to that particular number, wrote a security researcher, on the SANS Application Security Street Fighter blog. Users can tap a button to make or cancel the call. But the researcher found that behavior changes in some cases. For example, if a user has Skype installed and stays logged into the application, Safari does not give an alert when it encounters a Skype URL in an iframe, and immediately starts a Skype call, he said. The researcher said he contacted Apple. The company said third-party applications should be coded to ask permission before performing a transaction. But in the current arrangement, third-party applications can only ask for authorization after a person has been “yanked” out of Safari and the application has been fully launched. “A solution to this issue is for Apple to allow third-party applications an option register their URL schemes with strings for Safari to prompt and authorize prior to launching the external application,” he wrote. Source:

54. November 9, Times of India – (International) hacked: Websense. India’s financial Web site was hacked last week, as unknown hackers inserted a malicious code inside its pages, making visitors vulnerable, U.S. based cyber security firm Websense Security Labs said in its security alerts released November 9. According to Websense, the main Indian site was compromised and injected with malicious code November 6. The injected code redirected users to an exploit Web site. Exploit kits contain malicious programs which can be downloaded to infect a particular computer. The site was cleaned up the next day. Active injected codes can impact site performance. When a site is injected with code that leads to an exploit site, visitors generally experience hanged or slow browsers, and often a a browser crash, as well. Source:

55. November 8, Brookhaven Courier – (Texas) E-mail virus attacks campus. Faculty at Brookhaven College in Farmers Branch, Texasy received an e-mail October 20 warning them a virus was being transmitted through the GroupWise e-mail system. The IT director said the virus was contained within 24 hours. According to the e-mail, sent by the Dallas County Community College District network and systems specialist , the virus spread through attachments in e-mails with subject lines such as “Your friend invited you to Twitter!” and “Shipping update for your order.” Their antivirus software provider, eTrust, notified them of the virus almost immediately. Once the virus was detected, an e-mail alerting faculty not to open messages with the suspicious subject lines was sent. The specialist said, “There is a highly mobile virus on the loose on some district workstations that is coming into GroupWise through routes inside our filters.” She said if someone already received such an e-mail and opened the attachment, they should advise their data center immediately. Source:

56. November 8, – (International) Kenya: Internet hackers attack treasury. Kenya’s cyber highway is not safe from virtual fraudsters and other malignant cyber crooks. As the country boasts three undersea fiber optic cables, cyber attacks are on the increase. The weekend of November 6 and 7, the Finance Ministry’s Website was brought down by hackers. Opening the treasury Web site returned a blank black screen with words “Hacked by ReisBEY Muslim Turkish Hacker,” in red and white. The hackers are suspected to be similar to those who hacked Kenya Airways Web site in 2008. In the past year, many sites have been compromised, including the statehouse site and those of Kenya administration police, Kenya government portal, and mobile phone company’s among others. In July, a real estate site was hacked in an attempt to extract information. The hackers corrupted and shut down the Web site. Source:

57. November 8, Erictric – (International) AOL Mail goes down again? Less than 3 weeks after AOL Mail went down, the service appeared to be having some downtime issues again November 8. Some users have reported that they were unable to access their AOL Mail accounts. In addition, various affected users have taken their frustrations to Twitter. Source:

58. November 5, Threatpost – (International) Adobe investigating new Reader flaw. Adobe is warning users about another new vulnerability in its Reader application that causes the software to crash and could possibly lead to remote code execution as well. The new Reader bug was disclosed November 4 on the Full Disclosure mailing list and Adobe security officials said that they are investigating the problem and looking into a potential fix. The bug can be used to cause a denial-of-service condition on vulnerable machines, Adobe said. However, one of the new security measures that the company introduced earlier this year can be used to help protect against attacks on the flaw. Adobe’s JavaScript Blacklist Framework is designed to prevent malicious APIs from running, and Adobe said that the tool can be used to stop attacks on the new Reader vulnerability. IT staffs must enable and populate the blacklist manually, and Adobe has explicit instructions in its advisory on how to do that. Adobe patches Reader on a regular quarterly schedule, and the last release was October 5, which was 1 week earlier than scheduled. It is not clear whether Adobe would release a patch for this latest Reader bug before the next scheduled update. Source:

Communications Sector

59. November 8, Seattle Times – (Washington) Comcast cable TV out in some Seattle neighborhoods. Comcast cable subscribers in a handful of Seattle, Washington neighborhoods were finding themselves staring at black TV screens November 8. The cable provider experienced an outage at about 8:30 p.m. in Queen Anne, Green Lake, South Seattle, and downtown. As of 10 p.m., the problem had not been resolved. Source:

60. November 8, Rexburg Standard Journal – (Idaho) Phone line severed during sewer work. Phone service was out for several customers in sections of St. Anthony, Idaho for several hours November 8 after a crew digging trenches for new sewer lines in the city damaged a line. Fremont County Courthouse offices were among those without service. County officials had not been told when service might be restored. Other downtown agencies and businesses were also affected. Some banks had to close their doors and others opted to have land lines transferred to cell lines to take business calls. Some businesses were told services would be restored within a minimum of 3 hours after service had been out since mid-morning. Source: