Wednesday, February 16, 2011

Complete DHS Daily Report for February 16, 2011

Daily Report

Top Stories

• According to WCBD 2 Charleston, firefighters from three counties and about a dozen departments spent more than 18 hours battling a blaze after an explosion and fire at a fertilizer plant in Hartsville, South Carolina. (See item 3)

3. February 15, WCBD 2 Charleston and Associated Press – (South Carolina) Massive fire burns fertilizer plant in Hartsville. State officials planned to send a second team back to a burning fertilizer plant in Hartsville, South Carolina, the afternoon of February 15, to make a second check of smoke billowing from a fire. A South Carolina Department of Health and Environmental Control spokesman said the fire was still sending up a lot of smoke. Previous testing found no hazardous chemicals in the air. There have been no injuries reported from the fire that started the night of February 14 at the Agrium Rainbow plant. Firefighters from at least three counties and about a dozen departments worked February 15 to cool hot spots of the fire that began after an explosion just before 7 p.m. the night before. The Hartsville Rainbow Operations plant, also known as the Royster-Clark plant, is part of agricultural services conglomerate Agrium and manufactures Rainbow NPK fertilizer, according to the company’s Web site. About 50 people work at the plant, and 7 people were in the plant when the fire started. After the initial fire and explosions, flames quickly spread through surrounding woods, according to reports. The fire brigade from nearby Sonoco Products Co. was put on alert to protect its plant. As of 9:16 p.m., firefighters reported the Sonoco plant was shut down and evacuated with just the fire brigade on site, according to broadcast information. Hazardous materials and fumes from the fire were the prime concern facing city officials. In addition to Hartsville Fire Department personnel, units from Sonoco’s fire brigade, Darlington, Darlington County, Florence, West Florence, Windy Hill, Howe Springs, Lee County, and Alligator Rural fire departments were either fighting the fire or were standing by for additional response within the city. Source:

• The Asheville Citizen-Times reports that the North Carolina Forest Service and several other fire crews fought to contain a 400-acre wildfire that began inside Chimney Rock State Park. (See item 51)

51. February 15, Asheville Citizen-Times – (North Carolina) Wind-whipped fires break out in Asheville area, across Western North Carolina. A wildfire in Henderson, Polk and Rutherford counties in North Carolina was affecting about 400 acres February 15, according to the Henderson County emergency service director. The North Carolina Forest Service (NCFS) called in a Type 2 Incident Management Team consisting of 40-50 members to manage the fire and they expected to utilize 200 to 300 firefighters to control the Judes Gap fire over the next week. “The main concern is the south and east sides of the fire,” a NCFS spokesman said. High winds February 14 caused the brush to jump containment lines and whipped up several fires across the region. The Judes Gap fire started about 3:30 p.m. February 12 inside Chimney Rock State Park in a remote area called the World’s Edge. NCFS and local fire crews from Henderson and Polk counties responded. The fire was originally estimated to be contained at about 300 acres but could spread to 400 or 500 acres. The NCFS spokesman was unsure when the fire would be contained, but said no structures were threatened. Source:


Banking and Finance Sector

9. February 14, The New New Internet – (International) New scam targets online sellers. The FBI’s cyber complaint center has released a report warning about a new scam targeting sellers on online marketplace Web sites. According to IC3, the ploy generates fake receipts through an executable file circulating on hacking forums recently, the center said. The generator asks the would-be victim to disclose information about item name, price, and the date the order was taken. As soon as the victim hits “Generate,” an HTML file is created in the program folder. The program makes what appears to be a legitimate marketplace receipt and a copy of the “Printable Order Summary,” similar to documents resulting from legitimate marketplace purchases. Details, such as “Total before tax” and “Sales tax,” make the receipt extra convincing. According to IC3, many sellers on these online markets will ask the buyer to send them a copy of the receipt in the event of missing orders or any other issues that may arise during or after the Web transaction. Source:

10. February 14, WNYW 5 New York – (New York) FBI: Holiday Bandit hits 6th New York City bank. The so-called “Holiday Bandit” struck another bank in New York City, New York, February 13, the FBI announced. The 35-year-old bandit walked into a Capital One branch in Borough Park at 9:43 a.m., gave a teller a note demanding money, and showed off a black handgun, the FBI said. He apparently was not happy with the amount of cash that teller gave him so he moved on to another teller and demanded more money, the FBI said. Then the robber — wearing a black hat, dark sunglasses, a maroon coat, and light blue jeans, brown shoes, and carrying a black messenger bag — took off on foot. He has now robbed at least six banks in New York, the FBI said. Three banks are in Queens, two in Brooklyn, and one on Staten Island. The FBI describes the “Holiday Bandit” as a white male, about 6 feet 5 inches, and approximately 200 pounds. Source:

11. February 14, Wicked Local Brookline – (Massachusetts; Rhode Island) Man wanted for Brookline bank robberies arrested in Rhode Island. A man wanted in connection with four bank robberies in Massachusetts, three in Brookline and one in South Attleboro, was arrested in Rhode Island February 14, following an investigation by law enforcement agencies in two states. The 36-year-old was arrested around 10:30 a.m., at a Providence, Rhode Island hotel after he allegedly robbed the Pawtucket Credit Union in Pawtucket, Rhode Island, according to a statement from the FBI’s Boston Field Office. At first he was charged on a warrant for the Massachusetts robberies; later the U.S. Attorney for Rhode Island charged him with the Pawtucket robbery. The suspect allegedly robbed three banks in Brookline: A Citizens Bank branch January 26, a Sovereign Bank branch February 4 and a Brookline Bank branch on February 7. He allegedly robbed a Citizens Bank in South Attleboro February 10. The arrest was the result of a joint investigation by the Brookline Police Department, the South Attleboro Police Department, the Seekonk Police Department, the Pawtucket Police Department, the Rhode Island State Police Violent Fugitive Task Force, U.S. Marshals Service, and the FBI Violent Crimes Task Force, the FBI said. Source:

12. February 11, KXAS 5 Dallas-Fort Worth – (Texas) FBI: Irving bank officer stole $2.7 million. The FBI arrested a former Irving, Texas banker February 10 and accused her of stealing $2.7 million over 2 years and using the money to buy two large houses in Ellis County and several vehicles. The woman, an officer with the Bank of New York Mellon, allegedly stole $2,719,674 by fraudulently making 40 wire transfers from her bank into her personal account from 2008 to 2010, according to a federal grand jury indictment. The suspect pleaded not guilty and was released on bond after surrendering her passport, court records show. Agents seized several vehicles they claimed the suspect bought with stolen funds, including a 2010 Buick Lucerne, a 2007 Dodge Ram 2500 quad pickup, a 2008 Dodge Durango sport utility vehicle, and a 2002 Freightliner diesel tractor. Prosecutors claim she also bought two homes in Palmer. Her attorney said she lives in one of the homes and family members live in the other. Source:

13. February 11, Federal Bureau of Investigation – (Illinois) Suburban man allegedly swindled $105 million from approximately 400 victims in investment fraud scheme. A suburban Chicago, Illinois man was charged with allegedly engaging in an investment fraud scheme, swindling more than $105 million from approximately 400 victims who invested in funds he purported to operate. Various U.S. Department of Justice officials announced the suspect was charged with eight counts of mail fraud in a criminal indictment filed February 10. The suspect allegedly misused money he raised from investors for his own benefit, and to make Ponzi-type payments to investors. The 51-year-old male, formerly of the U.S. Virgin Islands, currently resides in Barrington, Illinois, and will be arraigned at a later date in U.S. District Court. The indictment alleged the suspect was the principal officer and sole shareholder of Kenzie Financial Management, a U.S. Virgin Islands corporation; the sole manager and member of Kenzie Services, LLC, a corporation located in Charlestown, Nevis, West Indies; the president of Draseena Funds Group, Corp., an Illinois corporation; the manager of DN Management Company, LLC, a Nevada limited liability company, and the manager of Nerium Management Company, an Illinois corporation. According to the charges, through these corporate entities, the defendant controlled 12 investment funds collectively known as “the Kenzie Funds.” The suspect allegedly offered and sold to the public investments in the various Kenzie Funds in the form of membership interests and limited partnership interests. Source:

For another story, see item 39

Information Technology

38. February 15, Help Net Security – (International) Complex Trojans and next generation malware is on the way. While e-mail users may have noticed a significant drop in spam in recent months, cybercriminals are gaining ground with creative new phishing methods and making exploit kits more robust, reveals the Security Labs Report from M86 Security. Findings include: third-party phishing is on the rise; e-mail spam is declining, though far from dead; there have been some notable bot-net take-downs and has closed; and exploit kits with virus scanners are becoming increasingly popular while social network attacks are increasing. Source:

39. February 14, Darkreading – (International) New ‘boy in the browser’ attacks on the rise. A new but familiar type of attack on the rise is a spin-off of the proxy trojan, keylogger, and man-in-the-browser (MITB) attack. The “boy-in-the-browser” (BITB) attack — so named as a less sophisticated form of MITB — may be immature, but it is efficient and easy, and it targets users visiting their banks, retailers, and even Google. “It reroutes a [victim’s] traffic without them being aware ... It’s so effective because it’s quick to modify itself so antivirus can’t detect it. It’s great for a quick-hit attack,” said a senior security strategist with Imperva, which issued a security alert February 14 on this attack technique that its researchers spotted in the wild. BITB is basically a “dumbed-down” MITB where the attacker infects a user with its trojan, either via a drive-by download or by luring the user to click on an infected link on a site. The trojan reconfigures the victim’s “hosts” file and reroutes the victim’s traffic for a specific Web site — say, a bank or an online retailer — to the attacker’s own server posing as that site. Then the BITB attacker can intercept or modify the transaction. “It’s difficult to detect,” the researcher said, because the victim sees the same URL he or she was requesting. Source:

40. February 14, Agence France-Presse – (International) Spanish police hold Nintendo ‘blackmailer’. Spanish police have arrested a hacker who allegedly stole data on some 4,000 Nintendo users and then tried to blackmail the Japanese videogame developer, they said February 14. Nintendo Spain said the week of February 6 that a hacker had stolen the personal data of some 4,000 customers in Spain, and then threatened to denounce the company for negligence to data protection authorities. Spanish police said in a statement February 14 that when Nintendo did not reply to his demands he leaked information on one of the users in an online forum and threatened to release the rest of the data. Police located the hacker, whose identity was not revealed, and arrested him in the southern province of Malaga, preventing the release of any further data. Source:

41. February 14, Softpedia – (International) Plextor’s website hacked. The U.S. Web site of Plextor, a brand of optical disc drives, network storage solutions, portable hard disks, and other devices, was defaced by a hacker February 13. The hacker, who calls himself “ViciOuS,” replaced the site’s homepage with a message in Turkish. The message appears to contain the words “disaster” and “revenge,” so the attack might be political in nature. The usual “greetz” posted by defacers were present and the hacker seems to be part of a team called “SaBoTaJ.” According to CdrInfo(dot)com, the Web site that spotted the hack, Plextor has been notified and the problem was fixed. Source:

42. February 14, Softpedia – (International) (dot)edu space filled with adult spam. Security researchers from GFI Software warned that an increasingly large number of (dot)edu Web sites are being abused to push adult spam because of their poor security and lack of oversight. Searching for adult-oriented terms in the (dot)edu domain space reveals entire pages of results, most of which are on discussion boards. “Most of this seems to have kicked in since around the 4th or 5th of February, and there doesn’t seem to be much in the way of spam control or preventative measures going on right now so please be careful if looking around your university forums, official or otherwise,” a security researcher at GFI said. It is not only forums that have been abused. Among search results users can also find what appear to be compromised Web sites. Most of them are installations of popular content management solutions that have been left unpatched for a long time. The same security holes can be leveraged to create malicious doorway pages that are part of malware distribution and black hat SEO attacks. A similar trend has also been observed for governmental Web sites, which are being abused by spammers and other cybercriminals not just in the United States, but internationally as well. Source:

43. February 14, Softpedia – (International) Anonymous releases more HBGary emails and makes them searchable. Anonymous has taken issue with HBGary’s actions again and publicly released an additional 27,000 e-mails stolen during its hacking of the company’s network and servers. The week of February 6, members of the hacktivist group compromised systems belonging to HBGary and HBGary Federal, two separate, but related companies, after they threatened to expose Anonymous leaders. In response, Anonymous hacked into the company’s servers and stole tens of thousands of confidential e-mails which it subsequently released onto the Internet. The leaked e-mails belonged to the CEO, president, COO, and principal consultant. After the HBGary president went into the group’s online chat and spoke with the hackers, they decided against publishing 27,606 e-mails belonging to the company’s co-founder. However, the group changed its mind after the company published a statement saying it is working with law enforcement to find the criminals who broke into its systems and suggested that Anonymous falsified some of the released data. All of the e-mails were published on a special Web site which has a search feature. The site, which is over 9 GB in size, has already been mirrored several times, making it more resilient to take-down requests. Source:

44. February 14, Darkreading – (International) Long-patched vulnerabilities continue to dominate threat list. According to the new Security Labs Report from M86 Security, the top six most frequently observed vulnerabilities on the Web were all discovered at least 4 years ago, and have all been patched for at least 2 years. Most of the top 15 flaws detected by M86 Security were on Windows or Adobe applications, and most have been around for some time — MS Office Web Components active script execution, for example, has been known since 2002, yet it still ranks second on the most frequently detected list. “Despite the fact that these vulnerabilities were patched years ago, many of them are still targeted today,” the report said. “This is likely a result of their success rates, and it reinforces the importance of updating software applications, from browsers to PDF readers.” The report also lists the top 10 exploit kits, where Eleonore remains the most popular and Phoenix comes in at number 2. Source:

Communications Sector

45. February 14, Lexington Herald-Leader – (Kentucky) Test accidentally took down WLEX cable feed. WLEX, Lexington, Kentucky’s NBC affiliate, was temporarily off Insight Communications’ basic cable lineup for a few hours February 14. The outage happened as the cable operator was testing its ability to receive WLEX’s signal via fiber rather than over the air, an Insight spokesman said. Insight officials said they thought the outage was limited only to subscribers of its basic cable lineup of 22 channels and possibly just in certain geographic areas of Lexington. The signal was restored by 11 a.m. Source:

46. February 14, City of Morganton – (North Carolina) Sun outages could disrupt some cable channels. The general manager of Compas Cable TV, Phone & Internet said all customers will likely experience some brief disruptions on various satellite-delivered cable channels starting February 26 due to a naturally-occurring phenomenon known as “sun outages.” “As the sun moves north in early spring (and also as it moves to the south in early fall), it passes directly behind the stationary satellites from which we receive our programming, causing interference to the signals we receive,” he said. The interference can be so strong that it disrupts the signal traveling from the stationary satellites to Compas’ receivers. At the beginning of the 2-week cycle, the effects will be minimal, but will gradually worsen until peaking on the seventh day, March 5. “But after March 5, the effects will gradually weaken over the next week as the sun moves away from the satellites,” he said. The disruptions will likely occur for about 2 weeks from Feb. 26 to about March 12 and can last for about 20 to 30 minutes. Different channels will be affected at different times. “Unfortunately, there is nothing we can do to prevent sun outages from occurring,” the general manager said. Source:
