Thursday, August 25, 2011

Complete DHS Daily Report for August 25, 2011

Daily Report

Top Stories

• Firefighters tried to drain propane from a burning rail car to prevent an explosion after the fire forced the evacuation of thousands of homes and the closure of major highways in Lincoln, California. – Associated Press (See item 2)

2. August 24, Associated Press – (California) Firefighters try bold step to end Calif. rail fire. Firefighters August 24 tried to drain propane from a burning rail car in a bold maneuver meant to head off an explosion after the blaze forced the evacuation of thousands of people in Lincoln, California. Officials decided to take the step after consulting with members of a national response team from Houston, who were flown in overnight to offer advice, the Lincoln fire chief said. Fire officials initially said the blaze could continue for 21 days, but the chief said that scenario was unacceptable. Between 4,000 and 5,000 homes in the city of 40,000 were evacuated, and students in the area were missing their first days of school. The chief said firefighters now hope to have the blaze under control within 24 to 48 hours. Officials were trying to head off a potentially catastrophic failure of the 29,000-gallon tank. A buildup of heat could lead to an explosion and fireball several hundred yards wide. An explosion also could throw metal shards up to a mile away, prompting officials to order mandatory evacuations within a 1-mile radius. The chief said firefighters had managed to keep the tanker cool since it caught fire August 23, but worried it was showing signs of melting. It was burning at the Northern Propane Energy yard. It was surrounded by trucks, other rail cars and storage tanks with at least 170,000 gallons of additional propane that the chief said were "at risk" as the fire burned. A gas pipeline also runs through the area. One worker at the rail yard was injured in the initial fire and suffered flash burns, but has been released from the hospital. The chief said the procedure to drain the rail car of propane, called a "hot tap," would begin later August 24. He said the tanker would remain in place as firefighters attach a pipe and drain the propane into a hole to be dug by bulldozers. 
The propane would then be ignited and allowed to burn itself out, a process that will take several hours and produce black smoke. Highway 65, a major commuter thoroughfare between Sacramento and Lincoln, remained closed near the blaze. Source:

• State and federal agents August 23 cracked down on South Florida pill mills, dismantling the nation's largest criminal organization, which had made $40 million by illegally distributing more than 20 million painkillers. – Reuters (See item 36)

36. August 23, Reuters – (Florida) Agents dismantle alleged pill mills that netted $40 million. State and federal agents cracked down August 23 on South Florida pill mills, dismantling what was described as the nation's largest criminal organization involved in illegally distributing painkillers. Authorities charged 32 doctors, pain clinic owners, and workers with illegally prescribing more than 20 million painkillers and reaping more than $40 million in profits from 2008 to early 2010. The clinics wrote prescriptions for large quantities of oxycodone, which authorities said were used by traffickers and addicts. The indictment said many in the newly charged group were also involved in the illegal Internet distribution of anabolic steroids, and some engaged in wide-ranging violence, including kidnapping, extortion, other crimes against competitors, and people they suspected of disloyalty. The five-count indictment includes racketeering, money laundering, and wire and mail fraud conspiracy charges. Thirteen of those charged were doctors ranging in age from 36 to 76 who worked at the pain clinics. Demand for the prescription drugs has grown to epidemic proportions in Florida and other parts of the United States, where dealers can sell a 30-milligram oxycodone pill on the street for $10 to $30 or more, authorities have said. Florida leads the nation in diverted prescription drugs, according to the U.S. Attorney General's office. Seven people die in the state each day from drug overdoses. Source:


Banking and Finance Sector

14. August 24, Associated Press – (Arizona) Man arrested in string of 12 Ariz. bank robberies. An unemployed man accused of holding up 12 banks in the Phoenix, Arizona area was arrested on 16 counts of armed robbery and using a firearm while committing a crime, authorities said August 23. He was indicted August 18 in the alleged spree over a 10-month period. Investigators linked the robberies based on the method of operation and the robber's physical appearance. They all occurred in the Phoenix suburbs of Gilbert, Mesa, Chandler, Tempe, and Scottsdale between September 2010 and July 2011. An FBI special agent said the suspect carried a black binder during each of the robberies, approached tellers with a note and demanded money. Sometimes a black gun could be seen inside the binder, the complaint said. The break in the case came after the most recent robbery in Gilbert July 20, when bank employees followed the suspect outside while calling 911. Gilbert police officers pulled over a vehicle being driven by the suspect. Officers found an unloaded black gun, a note demanding money, and a black binder stuffed with cash in the car.


15. August 24, KWTX 10 Waco – (Texas) Blue Jacket Bandit convicted of robbing local bank. A man was convicted of bank robbery August 23 in a Waco, Texas federal court. He was convicted on all four counts associated with a series of bank robberies and could face up to 37 years. The man, government lawyers said, was part of a two-man team that held up five banks along Interstate 35 between January 19 and February 11, 2010. He was accused of bank robberies January 19, 2010 at Wachovia Bank in Dallas, February 2, 2010 at Independent Bank in Waco, and February 11, 2010 at the Bank of America in Temple. He was previously convicted in March of the Dallas robbery. The man, prosecutors said, acted with a co-conspirator who was convicted in July in Waco on all five counts in the same string of robberies, and was sentenced to more than 50 years in federal prison. The charges against both men were enhanced by accusations they used firearms during the robberies. Source:

16. August 24, Softpedia – (International) New ZeuS spin-off threatens users. Security researchers from Kaspersky Lab warn about a new crimeware pack called Ice IX, which was built using the ZeuS source code leaked earlier in 2011. Ice IX is sold on the underground market and can be used to generate custom trojans that join infected computers into botnets. According to a Kaspersky Lab expert, Ice IX has been in the wild for some time already and the builder is available for $1,800, a fairly high price considering the entire ZeuS source code was once advertised for $10,000. ZeuS remains the most popular banking trojan among cyber fraudsters, its infection count currently exceeding that of its closest competitor, SpyEye, four to one. The Ice IX trojan is similar to ZBot (ZeuS bot) and its main purpose is to steal financial information. It does this by hooking into the browser process. However, some variants analyzed by Kaspersky experts also steal Amazon AWS credentials. This aspect might be related to the recent increase in quantity of AWS-hosted malware. Source:

17. August 23, Wall Street Journal – (International) Judge freezes $28 million linked to alleged gambling scheme. A federal judge on August 23 froze more than $28 million that prosecutors said is tied to an illegal gambling operation in the Dutch Caribbean involving a prominent Curacao businessman. A U.S. district judge in Washington issued a restraining order against three UBS investment accounts in Miami allegedly controlled by the subject of a 3-year investigation by Curacao authorities into allegations of money laundering, tax fraud, and forgery. The suspect, a half brother of the Curacao finance minister, is accused of selling millions of dollars in forged lottery tickets out of his gambling businesses in Curacao and St. Martin, known as “Robbie’s Lottery.” The U.S. Department of Justice received a request for assistance from the Curacao public prosecutor’s office in July. In it, Curacao officials alleged the suspect has accumulated more than $52 million in illegal profits through the scheme since 2004. Prosecutors said they established the suspect's control over three companies — Ponsford Overseas Ltd., Carribean Investment Group Ltd., and Tula Finance Ltd. — with assets of about $28 million at UBS. Source:

18. August 23, WXIX 19 Newport – (Kentucky) Former bank president pleads guilty to embezzlement. The former president and chief executive officer of a Falmouth, Kentucky bank admitted she embezzled more than $2 million. The 50-year-old pleaded guilty August 22 in federal court to an embezzlement charge and admitted that from March of 2003 until January 26 of this year, she embezzled $2,244,506.44 from United Kentucky Bank. According to the plea agreement, she transferred money belonging to the bank into accounts owned by her husband and her two sons. She then falsified bank records to conceal her criminal conduct from auditors. She worked as the bank president for 2 years. Prior to that, she had worked as the bank's vice president since the bank opened in 1992. Source:

19. August 23, Los Angeles Times – (California; Oregon) 'Skateboard bandit' guilty of robbing banks in California, Oregon. A bank robber nicknamed the "skateboard bandit" pleaded guilty August 22 to heists across California and Oregon. The 30-year-old entered his plea in federal court in Sacramento, California. He received his nickname from a Sacramento crime task force because tellers reported he sometimes fled by skateboard to a getaway vehicle. A stolen vehicle recovered in Sunnyvale, California, led to his arrest. Authorities recovered $4,900 in cash, a loaded 9-millimeter semi-automatic pistol, a skateboard, and a receipt from a dentist in Oregon. The dentist positively identified the suspect in surveillance photos of the bank robber. He faces up to 100 years in federal prison, and a fine of up to $1.25 million. He was convicted of robbing five banks in 2009: Wells Fargo branches in Modesto, the Sacramento area, San Jose, and Santa Clara, and a Bank of America in Oregon. Source:

20. August 23, Reuters – (National) US: Deutsche Bank knew mortgage co it bought lied. Deutsche Bank AG knew in 2006 that a mortgage company it was preparing to buy lied to the U.S. government about its mortgages, yet went ahead with the purchase and should be held financially responsible, the U.S. Justice Department (DOJ) said August 22. According to the DOJ's amended $1 billion complaint filed with the U.S. district court in Manhattan, New York, Deutsche was "on notice of and expressly assumed responsibility" for wrongdoing at MortgageIT Inc, which it bought in 2007. The government first sued Deutsche and MortgageIT in May, saying they misled the Federal Housing Administration into believing mortgages issued by MortgageIT qualified for federal insurance, when the quality was so poor that nearly one in three defaulted. The government said the bank, in conducting due diligence prior to the merger, knew MortgageIT violated rules of the Department of Housing and Urban Development, of which the Federal Housing Administration (FHA) is part, and made false representations to the agency. It said Deutsche had access to letters showing MortgageIT did not review all early payment defaults, and had access to managers who knew misconduct was taking place. The complaint said that of the more than 39,000 loans MortgageIT approved for FHA insurance between 1999 and 2009, more than 12,900 were in default by June, up from 12,500 in February. The amended complaint also adds two Deutsche units as defendants, DB Structured Products Inc., and Deutsche Bank Securities Inc. Source:

Information Technology Sector

45. August 24, IDG News Service – (International) Twitter turns on SSL encryption for some users. Twitter is slowly turning on automatic encryption on its Web site, a move following other major providers of Web-based services to thwart account hijacking over wireless networks. Twitter has offered an option for users to turn on Secure Sockets Layer (SSL) encryption, but said August 23 it will turn the feature on by default for some users. It did not indicate when the option would be turned on by default for all users. SSL encryption, indicated by "https" in the URL bar and sometimes a padlock in the browser window, is an encryption protocol used to protect communication between a client and a server. It is important to use because unencrypted information passed over wireless networks can be intercepted. Source:

46. August 24, H Security – (International) PHP 5.3.8 fixes cryptographic function bug. The PHP developers issued version 5.3.8 of the PHP scripting language to address a serious bug found in the previous release. PHP 5.3.8 fixes a bug introduced by the 5.3.7 security update that caused the crypt() function to fail if an MD5 salt was given as an argument. The function is used to hash a string, typically a password, but instead of returning the hashed string, the function merely returned the salt itself. The update also corrects a bug that caused mysqlnd SSL connections to hang. The developers noted the PHP 5.2.x series is no longer supported. Source:

47. August 24, H Security – (International) Tool causes Apache Web server to freeze. A previously unknown flaw in the code for processing byte range headers allows version 2.2.x of the Apache Web Server to be crippled from a single PC. An "Apache Killer" Perl script that demonstrates the problem has been published on the Full Disclosure mailing list. The tool sends GET requests with multiple "byte ranges" that will claim large portions of the system's memory space. A "byte range" statement allows a browser to only load certain parts of a document, for example bytes 500 to 1000. This method is used by programs such as download clients to resume downloads that have been interrupted; it is designed to reduce bandwidth requirements. However, it appears that stating multiple unsorted components in the header can cause an Apache server to malfunction. No official patch has been released, but a functional workaround is to use rewrite rules that only allow a single range request in GET and HEAD requests. This should not present a problem for most applications. To enable the rules, administrators must load the Apache Web Server's mod_rewrite module. Another suggested workaround is to use the mod_headers module with the RequestHeader unset Range configuration to completely delete any range requests that may be contained in a header. However, this approach is likely to cause more problems than restricting the number of ranges. Source:
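
The single-range policy from item 47, sketched as a request check a filter or log review could apply. This is an added example, not code from the report, H Security or the Apache project; MAX_RANGES, parse_ranges, check_request and the sample requests are constructed for illustration, and the "strip" outcome stands in for the RequestHeader unset Range behaviour.

```python
import re

# Policy from the workaround in item 47: at most one byte range per request.
# MAX_RANGES is this example's own name, not an Apache directive.
MAX_RANGES = 1

_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_ranges(header_value):
    """Parse a Range header value into a list of (first, last) tuples.

    Either element may be None (open-ended "500-" or suffix "-500").
    Raises ValueError if the value is not a well-formed bytes range set.
    """
    unit, sep, specs = header_value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range")
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError("malformed range spec: %r" % spec)
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            raise ValueError("last byte before first: %r" % spec)
        ranges.append((first, last))
    return ranges


def check_request(headers):
    """Return 'allow', 'reject' or 'strip' for one request's headers."""
    value = next((v for k, v in headers.items() if k.lower() == "range"), None)
    if value is None:
        return "allow"            # ordinary full-document request
    try:
        ranges = parse_ranges(value)
    except ValueError:
        return "strip"            # drop the header, serve the whole document
    if len(ranges) > MAX_RANGES:
        return "reject"           # multiple ranges: the pattern the rules block
    return "allow"                # a single range, e.g. a resumed download


# Constructed sample requests (header dictionaries), not captured traffic.
SAMPLES = [
    {"Host": "www.example.test"},
    {"Range": "bytes=500-1000"},
    {"range": "bytes=-500"},
    {"Range": "bytes=0-99,50-149,10-19"},
    {"Range": "lines=1-2"},
    {"Range": "bytes=5-1"},
]


def classify_samples():
    """Apply check_request to every constructed sample, in order."""
    return [check_request(h) for h in SAMPLES]


if __name__ == "__main__":
    for headers, verdict in zip(SAMPLES, classify_samples()):
        print(verdict, headers)
```
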

48. August 23, Infosecurity – (International) Mozilla plugs critical security holes in latest Firefox browser. Mozilla patched four critical memory safety bugs in the Firefox browser engine. “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort, at least some could be exploited to run arbitrary code,” Mozilla said. Another bug patched in Firefox 6 allowed unsigned JavaScript code to run a script inside a signed JAR file with the permissions and identity of that file. Mozilla also fixed a critical flaw in the WebGL shader program that “could cause a buffer overrun and crash in a string class used to store the shader source code.” Also, the company fixed a potentially exploitable heap overflow in the ANGLE library used by WebGL implementation, and a “dangling pointer vulnerability” in a SVG text manipulation routine. Also fixed in Firefox 6 were two high-risk flaws: credential leakage using Content Security Policy reports, and cross-origin data theft using canvas and Windows D2D. Firefox 6 added domain highlighting in the URL to make phishing attempts more apparent. "The Awesome Bar (URL bar) highlights a Website’s domain name and the identity block is more prominent to help quickly identify where you are on the Web," Mozilla said. Source:

49. August 23, threatpost – (International) Ubuntu fixes WebKit flaws, other issues with updates. Ubuntu fixed a pile of security vulnerabilities in some of its current releases, including 22 vulnerabilities in the WebKit framework that is part of the operating system. The WebKit flaws include some issues that could be exploited by remote attackers to run code on vulnerable machines. The security vulnerabilities in WebKit affect Ubuntu 10.10 and 10.04 LTS. "A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious Web site, a remote attacker could exploit a variety of issues related to Web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution," the Ubuntu advisory said. Source:

50. August 23, H Security – (International) Mac OS X Lion fails to check passwords when authenticating via LDAP. A bug in the module for authenticating (Open)LDAP under Mac OS X 10.7.x Lion can result in any password being accepted during login; all that is required is a valid user name. The problem occurs when logging in both via a graphical interface on a client and over the network via SSH on a server. Lion does not use LDAP to log in by default; LDAP authentication tends to be used in large infrastructures for centralized user administration (name, password, group, etc.). Apple has been informed of the problem and has apparently succeeded in reproducing it. Additionally, some users are reporting they are completely unable to log in using LDAP after updating to Lion. Whether or not the problem occurs appears to depend on whether the LDAP server is running on a local or on a separate system. It is not clear whether the problem will be fixed by means of a security update or in the next Lion point release, Mac OS X 10.7.2. At present, the only remedy is to deactivate LDAP authentication for critical services. Source:

For another story see item 16 above in the Banking and Finance Sector

Communications Sector

51. August 23, Ellensburg Daily Record – (Washington) Phone service restored in Upper County. Phone service was restored at 11:30 a.m. August 23 to 3,100 CenturyLink customers in Cle Elum and Easton, Washington. Phone service was lost at 2:30 a.m. August 23 after vandals cut a Fairpoint Telecommunications fiber line in a manhole in Selah, according to a marketing development manager at CenturyLink. The outage hit residential landlines and 911 services. Crews were able to repair the fiber, restoring residential and 911 services. Source:

For another story see item 45 above in the Information Technology Sector
