Tuesday, June 7, 2011

Complete DHS Daily Report for June 7, 2011

Daily Report

Top Stories

• According to the Associated Press, fire officials said June 6 that a massive wildfire in eastern Arizona that forced the evacuation of several mountain communities has grown to 301 square miles. (See item 62)

62. June 6, Associated Press – (Arizona; New Mexico) Arizona forest fire expands to 193,000 acres. A massive wildfire in eastern Arizona that forced the evacuation of several mountain communities has grown to 301 square miles, fire officials said June 6. Strong winds and low humidity were predicted at the Wallow fire, with a red flag warning from 10 a.m. to 8 p.m. The U.S. Forest Service said the blaze has burned nearly 193,000 acres since it started more than a week ago near Alpine. So far there is zero containment. About 2,300 firefighters were on the scene, including many from western states and as far away as New York, a fire information officer said. The Apache County sheriff’s office told people east of Alpine along U.S. Highway 180 to evacuate. Alpine itself has been under mandatory evacuation orders since June 2, along with Nutrioso and several lodges and camps in the scenic high country. Officials said several subdivisions close to the border with New Mexico were ordered emptied June 5. The fire and heavy smoke creating pea-soup visibility forced the closure of several area roads, including a 2-mile stretch of Highway 180 between Alpine and the New Mexico line. In Greer, which has fewer than 200 year-round residents, many people have voluntarily left. Fire officials said if the blaze comes within 2 miles of a containment line nearby, the town will be evacuated. Since the blaze started May 29, four summer rental cabins have been destroyed, the U.S. Forest Service said. No serious injuries have been reported. The fire is the state’s third-largest in its history. The state also was contending with another major wildfire, its fifth-largest, in far southeastern Arizona that threatened two communities. Air crews dumped water and retardant near the Methodist church camp as the 156-square-mile blaze burned around the evacuated camp in the Pine Canyon near Paradise. Paradise and East Whitetail Canyon were evacuated in advance, and the nearby Chiricahua National Monument was closed. Crews set backfires and kept the blaze from about a dozen occupied homes and vacation residences. Source: http://www.seattlepi.com/news/article/Horrific-Ariz-fire-blankets-towns-in-smoky-fog-1407862.php

• Associated Press reports that about 600 residents in southwest Iowa as well as federal dam officials were ordered June 5 to evacuate after the Missouri River breached a levee in Missouri. (See item 63)

63. June 5, Associated Press – (Iowa; Missouri) Missouri levee breach prompts evacuations in Iowa. About 600 residents in southwest Iowa were ordered June 5 to evacuate their homes after the Missouri River breached a levee across the border in Missouri. The evacuation covers nearly half of the town of Hamburg, a spokeswoman for the Iowa Department of Homeland Security and Emergency Management (IDHSEM) said. Residents, most of them on the south side of the city of 1,141, were told to get out within 24 hours. The U.S. Army Corps of Engineers reported a levee was breached June 5 south of Hamburg in Missouri’s Atchison County. A Corps spokesman said crews had been working June 4 on another issue near the breach and all workers were evacuated. The IDHSEM head characterized the breach as a “boil” — a leak that “shoots out like a small geyser” — that was 1 inch to 1.5 inches in diameter. Iowa sent a Blackhawk helicopter June 5 to drop roughly 1,000-pound sandbags on the levee, he said, adding it was too dangerous to use ground crews. It was not known how long the work would take. The emergency management director for Atchison County, Missouri, said another nearby levee had a similar break June 4, but she said crews were able to repair it. She said levees along the Missouri River have been weakened by the river’s recent high water levels. Source: http://www.ctpost.com/news/article/Missouri-levee-breach-prompts-evacuations-in-Iowa-1410544.php


Banking and Finance Sector

13. June 6, Charleston Gazette – (West Virginia; South Carolina) Deputies arrest suspect in credit union robberies. Kanawha County, West Virginia, sheriff’s deputies arrested a fugitive June 2 wanted in connection with three recent credit union robberies in West Virginia and South Carolina. The man was wanted for robbery of a credit union in Berkeley County, South Carolina. Upon his arrest, the FBI was able to tie the man to two robberies in West Virginia: the May 26 robbery of the Pioneer Federal Credit Union in South Charleston, and the June 1 robbery of the Universal Federal Credit Union in Barboursville. Deputies used a Taser to subdue the suspect at a motel and place him in custody following a brief struggle. Source: http://wvgazette.com/News/201106030661

14. June 4, Amarillo Globe-News – (Texas; National) Credit union says thieves did not breach network. Unauthorized purchases that caused dozens of people to lose thousands of dollars involved no hacking or network breach of any sort, officials with The People’s Federal Credit Union (PFCU) of Amarillo, Texas said June 3. The thieves who used Amarillo, Texas funds to make purchases during the Memorial Day weekend in California and other places combined publicly available bank identification numbers with randomly generated debit card numbers to create fake debit cards, PFCU’s marketing director said. The Amarillo Police Department, which has handed the case over to federal authorities in California, said June 3 that scams similar to the one that affected the Amarillo credit union hit 22 other institutions nationwide at the same time. The thieves tested the cards by first attempting to make small purchases or trying the numbers with online stores, the PFCU marketing director said. The credit union has about 8,000 debit-card holders and 17,500 accounts. The credit union has yet to determine how much money was lost, but the reported charges per person ranged from a few hundred dollars to more than $1,000. So far, the credit union has attempted to protect members from further scams by requiring PINs for all transactions outside Texas, and denying signature requests made outside the state. Source: http://amarillo.com/news/local-news/2011-06-04/credit-union-says-thieves-did-not-breach-network

15. June 4, Business Spectator – (International) AFP assisting in $540 million U.S. bank fraud case: report. The Australian federal police are assisting the United States in an alleged bank fraud case where online poker sites may have laundered $540 million via an Australian payments processor, according to Fairfax Media. The FBI alleges that Intabill, registered in the British Virgin Islands, processed a minimum of $543,210,092 worth of transactions for the poker companies Full Tilt, PokerStars, and Absolute Poker between mid-2007 and March 2009. Source: http://www.businessspectator.com.au/bs.nsf/Article/AFP-assisting-in-US540-million-US-bank-fraud-case--pd20110604-HH27T?OpenDocument&src=hp3

16. June 3, Highland Park Patch – (Illinois) Local developers indicted in $15.7 million mortgage fraud scheme. Five defendants were indicted by the U.S. Justice Department (DOJ) June 2 after they allegedly engaged in a $15.7 million fraudulent loan scheme to finance the failed Center of the North Shore development in Northbrook, Illinois. According to the DOJ, three partners of the center, a title company executive, and a loan officer took out fraudulent loans to make interest payments on a $26.2 million loan to finance the development. The 517,000 square-foot mixed-use development, which was planned for 14 acres at Dundee Road and Skokie Boulevard, fell into foreclosure in October 2008. Two of the defendants were charged with two counts of wire fraud, one count of bank fraud, and one count of making a false statement to influence the action of a bank; a third was charged with two counts of wire fraud, and one count of bank fraud; a fourth was charged with seven counts of wire fraud, and one count of making a false statement to influence the action of a bank; and a fifth was charged with seven counts of wire fraud. In total, the conspirators were able to obtain $15.79 million from their fraudulent home mortgages, and a construction loan. The DOJ seeks forfeiture of $10 million from the five defendants. Source: http://highlandpark.patch.com/articles/developers-indicted-in-157-million-mortgage-fraud-scheme

17. June 2, KPHO 5 Phoenix – (Arizona; National) Mortgage company hacked, admits security breach. Thousands of homeowners could be at risk for identity theft after a major mortgage company was hacked. The Lending Company, based in Phoenix, Arizona, said the security breach was akin to getting one’s Facebook account hacked; however, when a mortgage application is hacked, everything about one’s finances is wide open. The Lending Company does business in 12 states. A borrower contacted a Phoenix-area TV station in early June after receiving a letter from the lender, alerting him to the security breach. The company admitted its secure database was breached May 4, potentially putting at risk thousands of its customers. Lending Company officials refused to comment, saying only that so far, none of its customers or employees has reported identity theft. The company filed a report with Phoenix police. It said it has an idea who the culprit is behind the breach. Source: http://www.kpho.com/news/28116672/detail.html

Information Technology

48. June 6, threatpost – (International) Adobe ships emergency fix for Flash bug. Adobe has released an out-of-cycle update for Flash that fixes a serious vulnerability in the application on all platforms. The bug is a cross-site scripting flaw that can be used in drive-by download attacks and Adobe said it is currently being used in some targeted attacks. Adobe security officials said they first found out about the Flash vulnerability June 3, and the company was able to develop and release a fix for it June 5. The bug exists in Flash running on Windows, Mac OS X, Android, Linux, and Solaris. “An important vulnerability has been identified in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message,” Adobe said in its advisory. Source: http://threatpost.com/en_us/blogs/adobe-ships-emergency-fix-flash-bug-060611

49. June 5, Associated Press – (International) Nintendo says U.S. server breached, no data lost. Nintendo was targeted in a recent online data attack, but no personal or company information was lost, the Japanese company said June 5. The server of an affiliate of Nintendo Co.’s U.S. unit was accessed unlawfully a few weeks ago, but there was no damage, according to a company spokesman. “There were no third-party victims,” he said, “but it is a fact there was some kind of possible hacking attack.” Lulz Security claimed credit for the Nintendo attack, posting what they said was a Nintendo server configuration file to the Web. Source: http://www.msnbc.msn.com/id/43283396/ns/technology_and_science-security/

50. June 4, Softpedia – (International) European Sony Website hacked. A breach on Sony’s European Web site was reported June 4. A hacker who goes by the name of Idahc claims to have obtained access to the apps.pro.sony.eu database which contained the personal information of around 120 developers. Extracted data includes usernames, passwords, mobile phone numbers, e-mail addresses and, in some cases, Web sites. Even though the passwords were not stored in plain text, they were hashed with MD5, an algorithm that is known to be insecure. As a result, the hacker managed to recover and include most of them in his public data dump on pastebin.com. Judging by the screenshot released by Idahc, the method of compromise was SQL injection, the same type of attack that led to the recent hacking of many Sony Web sites. Source: http://news.softpedia.com/news/European-Sony-Website-Hacked-204279.shtml

51. June 3, Computerworld – (International) Acer server in Europe reportedly breached. Hacking group Pakistan Cyber Army (PCA) June 3 claimed it had broken into an Acer server in Europe and stolen personal data on about 40,000 people. The group said it also stole several pieces of source code stored on the compromised computer. News of the breach was first reported June 3 by The Hacker News (THN), which published screenshots showing samples of the allegedly compromised data, including names, e-mail addresses, phone numbers, and other information stored on the server. The director of media relations for Acer America said the company’s U.S. operations have no information on the breach. The company is trying to get a response to the PCA claims from its European officials, she added. The breach comes as Acer, the second-largest manufacturer of laptop computers in the world, faces increased scrutiny of its financial reporting practices. Source: http://www.computerworld.com/s/article/9217295/Acer_server_in_Europe_reportedly_breached

52. June 3, Computerworld – (International) Mac scareware gang, Apple trade blows yet again. Scareware makers again changed their fake security software scam June 3, while Apple issued the third signature update in as many days to combat the con. The newest version of what is generically called “MacDefender” appeared June 3, according to a pair of security companies. The phony antivirus program now goes by the name “MacShield,” the fifth title since the early-May appearance of the scheme. Apple in turn released another signature update June 3 to XProtect, the bare bones anti-malware tool tucked into Mac OS X 10.6 (Snow Leopard). According to logs on several Macs, Apple started pushing the update around 7 p.m. June 2 ET. The new signature was labeled “OSX.MacDefender.D” by Apple. Source: http://www.computerworld.com/s/article/9217293/Mac_scareware_gang_Apple_trade_blows_yet_again

53. June 3, The Register – (International) Notorious rootkit gets self-propagation powers. One of the most notorious rootkits acquired a self-propagating mechanism that could allow it to spread to new victims, a security researcher has warned. A new version of the TDSS rootkit, which also goes by the names Alureon and TDL4, is able to infect new machines using two separate methods, a Kaspersky Lab researcher said June 3. The first is by infecting removable media drives with a file that gets executed each time a computer connects to the device. The technique has been around for years and has been used by plenty of other computer worms, including the one known as Conficker. Other than using files with titles such as myporno.avi(dot)lnk and pornmovs(dot)lnk, there is nothing unusual about the way TDSS goes about doing this. The second method is to spread over local area networks by creating a rogue DHCP server and waiting for attached machines to request an IP address. When the malware finds a request, it responds with a valid address on the LAN and an address to a malicious DNS server under the control of the rootkit authors. The DNS server then redirects the targeted machine to malicious Web pages. “After these manipulations, whenever the user tries to visit any web page, s/he will be redirected to the malicious server and prompted to update his/her web browser,” the researcher wrote. “The user will not be able to visit websites until s/he agrees to install an ‘update.’” Source: http://www.theregister.co.uk/2011/06/03/tdss_self_propagation_powers/

Communications Sector

54. June 6, GSMA Mobile Business Briefing – (International) Docomo network glitch hits 1.72M users. Japanese mobile market leader NTT Docomo said June 6 a mysterious network glitch was affecting up to 1.72 million mobile customers, making it difficult for them to make calls or send messages. According to a Dow Jones Newswires report, the fault was first registered the morning of June 6 (Japanese time) in the greater Kanto region, which includes Tokyo. A Docomo spokesman said trouble at a facility that processes phone number information likely led to network connection problems, and that these problems caused people to make repeated attempts to call or send messages, exacerbating the situation by increasing the burden on base stations. Eight hours after the problem was flagged, the operator said on its Web site the situation was gradually improving. However, the spokesman said the firm was not sure when the situation would return to normal. The 1.72 million subscribers thought to be affected by the problem represent almost 3 percent of Docomo’s 58 million mobile customer base. Source: http://www.mobilebusinessbriefing.com/article/docomo-network-glitch-hits-1-72m-users
