Tuesday, December 14, 2010

Complete DHS Daily Report for December 14, 2010

Daily Report

Top Stories

• According to Associated Press, dozens of motorists were trapped in vehicles for up to 12 hours after a heavy snowstorm closed a major highway in LaPorte, Indiana. (See item 22)

22. December 13, Associated Press – (Indiana; National) Snow in northwest Indiana traps some motorists. Authorities were working frantically December 13 to reach motorists in snow-covered northwest Indiana who were trapped in their cars in biting temperatures. A LaPorte County sheriff’s deputy said officials do not know how many people were stranded, but that some had been stuck for as long as 12 hours and many were in a 10-mile stretch of U.S. 30 near LaPorte. “All the way across U.S. 30 is at a standstill and all of those vehicles are occupied,” the deputy said. The National Weather Service issued a winter storm warning for parts of northern Indiana, where heavy lake effect snow was expected to drop an additional 5 to 10 inches of snow December 13. Indiana authorities were having a hard time reaching motorists as snow plows struggled with the high drifts and roadways clogged with nearly 100 abandoned cars and some jackknifed semitrailers. But the wind caused the most trouble. “As soon as the plows go through an area, the wind is blowing fresh snow right back into the roads,” a state highway department spokesman said. LaPorte and Porter counties issued emergency orders telling drivers to stay off the roads as the area had winds up to 30 mph. A powerful storm carrying snow and high winds struck much of the upper Midwest over the weekend, canceling flights and closing major highways in several states. Schools in Indiana, Michigan, Wisconsin, and other states closed December 13 because of the snow and low temperatures. Source: http://www.npr.org/templates/story/story.php?storyId=132019484

• CNN reports heavy rains triggered mudslides in Washington State December 12 that shut down passenger and freight trains between Portland and Seattle, and Seattle and Canada. (See item 23)

23. December 12, CNN – (Washington) Flooding hits western Washington, mudslides halt Amtrak service. Heavy rains caused several rivers in western Washington state to overflow their banks December 12, and triggered mudslides that shut down passenger trains north and south of Seattle, authorities said. Rivers in nine counties had crested at or above flood stage by December 12, the state emergency operations center reported. A mudslide north of Vancouver, Washington, just across the state line from Portland, Oregon, shut down Amtrak’s Cascades train route for 48 hours, a Washington Department of Transportation spokeswoman said. “They have to make sure where the mudslide occurred or anywhere else along that track, that the slope is stable enough to where there will not be any chances of an additional mudslide occurring before they release passenger traffic back onto the track,” she told CNN. Mudslides occurred north of Seattle as well, effectively shutting down train service that connected the city to Canada, the spokeswoman said. But shutting down the Portland-to-Seattle run has “a much bigger impact that affects a lot more people,” she said. The larger mudslide occurred 6 miles north of Vancouver December 11, said a spokesman for the Burlington Northern Santa Fe Railway, which owns the tracks. An adjacent freight line that carries up to 40 trains a day was also affected by the mudslide, and crews were working to reopen that line December 12, he said. Source: http://articles.cnn.com/2010-12-12/us/washington.mudslide_1_mudslide-train-service-flood-stage?_s=PM:US


Banking and Finance Sector

14. December 10, Harrisburg Patriot-News – (Pennsylvania) East Pennsboro police think robber struck PNC Bank twice, seek suspect. East Pennsboro Township, Pennsylvania, Police and the FBI believe the man who robbed the PNC Bank at 235 North Enola Road around 1 p.m. December 9 is the same man who robbed the branch November 23. Police said they are investigating if the man could be involved in similar robberies throughout the area. A man entered the bank and jumped onto the teller counter, demanded money, grabbed an undisclosed amount from the teller’s drawer and fled the building on foot, heading north along Routes 11&15, toward East Columbia Road in Enola, police said. No weapon was displayed and there were no customers in the branch at the time of the robbery. The robber was described as a black man 18- to 25-years-old, 6-foot to 6-foot-2 and thin in build. He was wearing dark colored sweat pants and a dark colored hoodie, which was pulled over his head at the time of the robbery, and his face was covered with a white cloth. He wore a pair of newer Nike sneakers, dark in color. Source: http://www.pennlive.com/midstate/index.ssf/2010/12/east_penn_police_think_robber.html

15. December 10, WWMT 3 Kalamazoo – (Indiana) Man arrested in string of bank robberies. There is new information about a string of bank robberies in West Michigan. Back in March, police caught up with the 36-year-old suspect after they say he tried to rob a bank in Valparaiso, Indiana. But the FBI found evidence linking him to several in West Michigan, including a bank robbery in Schoolcraft back in February. The week of December 6, a grand jury indicted him on those cases. In all, police think he robbed at least 10 banks in West Michigan and in Indiana. Source: http://www.wwmt.com/articles/newschannel-1384794-robberies-string.html

16. December 10, Winter Haven News Chief – (Florida) Police chief says Lake Wales victim of identity theft. The city of Lake Wales, Florida has suffered identity theft. That is the best description the Lake Wales police chief has for the recent theft of hundreds of thousands of dollars from a city account at Center State Bank. He told commissioners December 9 his department is working with the State Attorney’s Office and the Florida Department of Law Enforcement to develop suspects. He would not be surprised to see the FBI take part, too. “We don’t have suspects at this point,” the chief said. “It could be internally in the city, internally in the bank, or even people outside Lake Wales.” The amount of money taken, he said, is close to $400,000 through automatic clearing house (ACH) withdrawals. He is sure that amount will change as the investigation progresses. Source: http://www.newschief.com/article/20101210/NEWS/101219999/1021/news01?Title=Police-chief-says-Lake-Wales-victim-of-identity-theft

17. December 10, Indianapolis Star – (Indiana) Device victimized Chase ATM customers. Chase Bank is working with the FBI to track fraud artists who victimized about 300 customers at an undisclosed ATM in Indianapolis, Indiana in November, a company spokeswoman said the week of December 6. Chase’s fraud department found an object known as a skimming device had been placed on one of the machines for a few hours one night, she said. About 300 customers of Chase had their accounts compromised. The spokeswoman said all received new debit cards and, if needed, reimbursements. Source: http://www.indystar.com/article/20101210/LOCAL/12100355/Device-victimized-Chase-ATM-customers?odyssey=tab|mostpopular|text|LOCAL

18. December 8, KFSN 30 Fresno – (California) Dapper Bandit hits two valley banks. The man who robbed the Bank of America in Fresno, California November 17 looks to be the same man who robbed the Rabobank in Tulare December 7. Wearing a cap, turtleneck and sport coat, he has been unofficially dubbed the “Dapper Bandit.” But he is carrying a gun under that coat. A sergeant with the Fresno Police Department said, “What is happening he goes into the bank approaches a teller he shows them a handgun and he demands the money from the bank teller. The bank teller gives the guy the money and he walks out.” Fresno Police said the clear surveillance photos give them hope someone will identify the robber. “This one is significant because it’s an emerging series and we feel he’s going to hit again,” a Fresno police sergeant said. Police have not connected this suspect to any other robberies, but there are similarities to a suspect who is wanted for a dozen other bank robberies, who is known as the “Geezer Bandit.” But FBI officials told KFSN 30 Fresno they had no reason to believe the Dapper Bandit and the Geezer Bandit were the same person. The Dapper Bandit is described as a white male, between 30 and 40 ... around 6 feet tall and 200 pounds. The Geezer Bandit is about the same size, but said to be 70 years old. Source: http://abclocal.go.com/kfsn/story?section=news/local&id=7832852

Information Technology

46. December 13, Softpedia – (International) Hackers compromise Gawker, expose user passwords. Gawker Media must deal with a serious security breach after hackers managed to compromise several of its servers and leaked a database of 1.3 million usernames and passwords. In a network-wide announcement, Gawker warned users who have an account on any of its 10 highly-trafficked blogs, which include Gizmodo, LifeHacker, Jezebel, and Kotaku, that their passwords were compromised. A group called Gnosis took credit for the attack and it seems that its motive was Gawker’s taunting of Anonymous and 4chan members, which at one point it called “script kiddies.” Gnosis noted the hacked database contained the log-in details of 1.5 million users, of which 1.3 million were copied and leaked online. The data contained usernames, passwords, and e-mail addresses. Source: http://news.softpedia.com/news/Hackers-Compromise-Gawker-Servers-Expose-User-Passwords-172180.shtml

47. December 13, Softpedia – (International) Twitter fast-spreading spam attack linked to Gawker compromise. A spam attack promoting acai berry diets is quickly spreading on Twitter and apparently it uses hundreds of thousands of accounts hijacked following the Gawker database compromise. The flood of spam messages began December 13, and the messages are along the lines of “Lost 10lbs using acai berry! RT This! [link]” or “Im not gaining weight this year cuz of acai berry! [link].” The advertised domains contain “acainews” in their name, but as a senior technology consultant at Sophos noted, they could change at any time. The links take users to an article on a fake news Web site, which displays the logos of ABC, Fox News, CNN, CBS, and USA Today, in order to gain credibility. The goal is to trick visitors into buying weight loss products. This aggressive spam attack has been linked to a compromise of Gawker user accounts that happened the weekend of December 12. Source: http://news.softpedia.com/news/Twitter-Fast-Spreading-Spam-Attack-Linked-to-Gawker-Compromise-172206.shtml

48. December 11, The Register – (International) Exim code-execution bug, now with root access. Exim maintainers warned of an in-the-wild attack that allowed miscreants to execute malicious code with unfettered system privileges by exploiting a bug in older versions of the open-source mail transfer agent. The memory-corruption vulnerability resides in Exim 4.69 and earlier versions, and already has been used in at least one attack to completely root an enterprise server, according to this account. The code-execution attack works in concert with a privilege-escalation vulnerability that results when admins want to use multiple configuration files, a popular option. Exim recommended that option be turned off so root privileges are required to override the default configuration file. Security pros sounded the alarm because the vulnerability is remotely exploitable and is already being used maliciously. Although the attack was not reported until December 8, it was not until December 10 that Exim maintainers were able to reproduce the exploit. Attack code has also been added to the Metasploit exploitation kit, making it easy for others to reproduce the attack. Maintainers for the Debian and Red Hat distributions of Linux have issued patches. The most reliable fix is to update to version 4.7. Source: http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/

49. December 10, Computerworld – (International) Manchester teen arrested for selling Call of Duty DDoS tool. A teenager in Manchester, England has been arrested after being caught selling a “booting tool” used to attack and kick players off the hugely popular Call of Duty online game. The software used to launch the attacks, “Phenom Booter,” was traced to the United Kingdom by game publisher Activision, which found it for sale on a forum allegedly connected to the 17-year-old. The youth is currently under arrest and is likely to be charged with offenses under the Computer Misuse Act, police said. Such shell tools have spread around gaming recently as a way of “booting” or “kicking” rival players by locating their IP address from online gaming Web sites using a technique known as ARP poisoning. Anyone using such a tool can wield considerable power, removing one or more players from games hosted on servers, even making it impossible for anyone to use them at all. The youth is the first person ever to be arrested in the United Kingdom in connection with an alleged online gaming offense. Source: http://www.networkworld.com/news/2010/121010-manchester-teen-arrested-for-selling.html?hpg1=bn

50. December 10, IDG News – (International) Google, Microsoft ad networks briefly hit by with malware. For a brief period the week of December 5, cybercriminals infected Google’s and Microsoft’s online ad networks with malicious advertisements that attacked users’ PCs, according to security consultancy Armorize. The attacks started December 5 and lasted a few days, sending victims who clicked on the ads to malicious Web pages. Those pages took advantage of known software bugs to install backdoor programs that gave the attackers control of the victims’ PCs, or to install software that made it appear as though the PCs were filled with malicious software. Google acknowledged December 10 it had experienced some issues on its DoubleClick network, but said it put a stop to them quickly. A Google spokesman would not say how the malicious ads got onto Google’s ad network, but Armorize’s chief technology officer said cybercriminals may have tricked Google by serving the ads from a domain similar to that used by a legitimate ad-serving company, AdShuffle, based in Irving, Texas. The ads exploit bugs in Adobe Reader, Java, and other PC software. The bugs have been previously identified, which means people with up-to-date software and antivirus products should not be at risk. Source: http://www.computerworld.com/s/article/9200899/Google_Microsoft_ad_networks_briefly_hit_by_with_malware

Communications Sector

51. December 13, Siliconrepublic – (International) Hardware fault in Dublin blamed for Amazon.com outage. A hardware fault on Amazon.com’s servers in Dublin, Ireland was to blame for a brief outage December 12, and not a hacktivist attack from hacker group Anonymous. At 11:15 p.m. December 12, shoppers in the UK, France, Germany, Austria, and Italy were locked out of the site for half an hour. While it was initially thought the outage was the work of hacker group Anonymous, Amazon.com said the problem was due to a hardware failure at a Dublin-based hosting facility that serves the site. Amazon last week withdrew its services from WikiLeaks. Anonymous launched an attack against Amazon.com as part of its Operation Payback campaign, but the attack failed. Other sites like Visa and MasterCard, which removed their services, were attacked by hacktivists and suffered outages. Reports indicated Anonymous planned to launch a distributed denial of service attack against Amazon.com but decided it did not have sufficient “forces”. It also decided attacking a major online retailer when ordinary people were buying Christmas presents would have been in poor taste. Tipping its hat to Amazon.com’s infrastructure, Anonymous said its distributed system makes it more resilient against denial of service attacks. Source: http://www.siliconrepublic.com/strategy/item/19604-hardware-fault-in-dublin/

52. December 12, Peninsula Daily News – (Washington) Forks radio stations remain off air after lightning strike on tower. Engineers were assessing damage to the AM and FM radio stations December 10 after lightning struck the tower December 8, said a station manager in Forks, Washington. The station, which is owned by First Broadcasting Capital Partners LLC, would remain silent for an undetermined amount of time. The tower, which transmits KBDB-FM 96.7 and KBIS-AM 1490, was struck while a lightning storm hit the West End December 8. The same storm put about 3,700 Clallam County Public Utility District (PUD) customers in the dark after lightning hit a transformer. The outage stretched from Beaver to Forks to Oil City, said a PUD spokesman. Source: http://www.peninsuladailynews.com/article/20101212/news/312129987/forks-radio-stations-remain-off-air-after-lightning-strike-on-tower

53. December 10, Softpedia – (International) Spammers use free hosting providers as redirectors. Security researchers warned spammers are increasingly abusing free hosting services to install redirectors with the purpose of hiding their real spam sites. This multi-layered approach gives spammers more flexibility and makes their Web sites harder to detect, block, and shut down. The technique is combined with a similar abuse of URL shorteners. Many pages with unique and random URLs get created via free hosting services and are then shortened before being sent out in spam e-mails. These pages use JavaScript redirect scripts and are hosted on URLs of the form http://fipxmdmzp.[censored].com/?iyzdm=yngqsa, where most of the composing parts are random. The JavaScript code is obfuscated using techniques unseen in previous attacks. This is meant to hide the spam site URL as best as possible. “Redirecting users in this way shows that spammers are going to considerable lengths to hide the addresses of their actual spam sites, and actively trying to make more difficult detection by anti-spam companies,” wrote a senior software engineer at Symantec Hosted Services. Source: http://news.softpedia.com/news/Spammers-Use-Free-Hosting-Providers-as-Redirectors-171997.shtml

54. December 10, Hagerstown Herald-Mail – (Maryland) Verizon restores service to 432 exchange area. Some residents in the Boonsboro and Keedysville, Maryland areas were unable to make phone calls December 10 outside of their 432 exchange code, including 911 calls, due to damage to a telephone line, the Washington County emergency services director said. Verizon restored service to customers by late in the evening, a company spokeswoman said. The outage affected land lines and cell phones in the 432 exchange area, or the area in which phone numbers begin 301-432-. In that area, calls would connect only to other phone numbers beginning with 432. To make a cell phone call to a number outside that exchange, the user had to leave the Boonsboro-Keedysville area. The problem resulted from a Verizon fiber line being cut during work to repair a water-main break in the area of North Main Street and Stouffer Avenue in Boonsboro December 10. A Verizon spokeswoman said cables in an underground conduit were cut and the company had to replace a few hundred feet of the cable to restore service. Verizon was able to restore full phone service to customers by 9:30 p.m. Source: http://www.herald-mail.com/?cmd=displaystory&story_id=258285&format=html