Friday, October 28, 2011

Complete DHS Daily Report for October 28, 2011

Daily Report

Top Stories

• The Chemical Safety Board said in a new report that 26 incidents since 1983 that killed 44 people near oil and gas facilities could have been prevented with basic security measures, warning signs, and safer storage tanks. – EHS Today (See item 2)

2. October 27, EHS Today – (National) Chemical Safety Board: oil and gas exploration and production sites are hazardous to the public. On October 27, the Chemical Safety Board (CSB) issued recommendations to the U.S. Environmental Protection Agency, state regulators, the National Fire Protection Association (NFPA), and the American Petroleum Institute (API) aimed at reducing fires and explosions at oil and gas exploration and production facilities. A new report from CSB identifies 26 incidents since 1983 that killed 44 people and injured 25 others under the age of 25. Three of the explosions included in the report occurred at oil and gas production facilities in Mississippi, Oklahoma and Texas that killed and injured members of the public between October 2009 and April 2010. The report found children and young adults frequently socialize at oil sites in rural areas, unaware of the explosion hazards from storage tanks that contain flammable hydrocarbons like crude oil and natural gas condensate. The unintentional introduction of an ignition source (such as a match, lighter, cigarette or static electricity) near tank hatches or vents can trigger an internal tank explosion, often launching the tank into the air, killing or injuring people nearby. "After reviewing the work of our investigators I believe that these incidents were entirely preventable," said the CSB Chairman. "Basic security measures and warning signs –- as well as more safely designed storage tanks -– will essentially prevent kids from being killed in tank explosions at these sites." Source:

• Eleven people, including two doctors, were charged in a major fraud scheme in which hundreds of workers for Long Island Railroad made false disability claims that may have cost a federal pension agency as much as $1 billion. – New York Times (See item 44)

44. October 27, New York Times – (New York) 10 arrested in $1 billion L.I.R.R. disability scheme. Eleven people, including two doctors and a former union president, were charged October 27 in a major fraud scheme in which hundreds of workers for Long Island Rail Road (LIRR) in New York made false disability pension claims that may have cost a federal pension agency $1 billion, according to court papers. A total of 10 of the defendants — seven former railroad workers charged with making false pension claims, the former union president, a former federal railroad pension agency employee who helped the workers file the claims, and one of the doctors — were taken into custody in the early morning hours at their homes by FBI agents and state investigators, officials said. The other doctor was expected to surrender in the coming days. All were charged with mail fraud and conspiracy to commit health care fraud, according to a criminal complaint filed in the case. The defendants in custody were expected to be arraigned October 27 in federal court in Manhattan. The federal investigation followed reporting by The New York Times for a series of articles published in 2008 that revealed systematic abuses of Railroad Retirement Board pensions by LIRR workers. The Times articles reported that virtually every career employee of the railroad was applying for and receiving disability payments, giving the LIRR a disability rate of three to four times that of the average railroad. The two doctors, board-certified orthopedists, were paid between $800 to $1,200 for each fake assessment and narrative, in addition to millions in health insurance payments they received for unnecessary medical treatments and fees for preparing false medical records to support the disability claims, the complaint said. Source:


Banking and Finance Sector

21. October 26, Reuters – (Massachusetts) Massachusetts charges BNY Mellon with forex fraud. Massachusetts' top securities regulator charged Bank of New York (BNY) Mellon October 25 with fraud for having allegedly overcharged the state's pension fund on currency trades for more than a decade. In an administrative complaint, the secretary of the commonwealth said the bank had applied undisclosed markups in currency trading while acting as a custodian for the state's $46 billion pension fund. "In reality, BNY Mellon's Standing Instruction Service was a hidden scheme that rigged the pricing of non-negotiated foreign exchange transactions while maximizing profits for the bank," the secretary said in the complaint. Massachusetts has now joined a handful of states aking action against companies like BNY Mellon and Boston-based State Street Corp., saying they cheated public pension funds on currency transactions by failing to charge the funds the rates the banks paid, and instead forcing them to pay the day's highest rates, and pocketing the difference. An audit by Massachusetts shows BNY Mellon, the world's biggest custodial bank, overcharged Massachusetts by $30.5 million since 2000. The state's treasurer said earlier this year that Massachusetts had paid nearly eight times as much as other customers did for certain transactions. Source:

22. October 26, Bloomberg – (New York; New Jersey) Securities trader Kupersmith indicted for $60 million fraud. A stock trader and five alleged shell companies were charged October 26 with taking part in $60 million in allegedly illegal stock trades. The trader used assumed identities to create the companies, defrauding at least six broker-dealers of more than $830,000, a Manhattan district attorney said. He told the dealers the companies were well-financed and had relationships with reputable banks, when in fact they had no such relationships, the district attorney said. The district attorney’s investigation, coinciding with probes by the U.S. attorney’s office in New Jersey and the U.S. Securities and Exchange Commission, covered trades from 2008 to 2010 through New York-based Antibe Arbitrage Group Inc. and Northbrae Capital Group Inc. and New Jersey-based Atlantic Southern Capital Group Inc., Fullerton Capital Group Inc.,and Oxford Smith Advisors LLC, authorities said. The trader faces charges of first- and second-degree grand larceny, scheming to defraud, and violating general business law. Source:

Information Technology Sector

51. October 27, – (International) Cisco warns of remote code flaw in Security Agent software. Cisco is advising administrators to update systems following the discovery of a remote code execution vulnerability in Security Agent 6.0, reported October 27. The flaw could allow an attacker to remotely target the Oracle Outside component for the Fusion Middleware platform to access the Cisco software on Windows systems. Cisco said in a security advisory successful exploitation would allow the attacker to execute code and control the targeted system with administrator rights. Cisco has released a free patch and is advising customers to obtain the Cisco Security Agent fix through their service provider or hardware retailer. No other mitigations for the vulnerability are known. Proof-of-concept code for the flaw has been posted, but Cisco has not received any reports of the vulnerability being exploited in the wild. No other products or components are believed to be affected. Source:

52. October 27, Help Net Security – (International) Fake DHL delivery notification carries info-stealer Trojan. Malware peddlers have once again started a spam run that consists of e-mails purportedly sent by DHL, Help Net Security reported October 27. They spoofed the sender information, making it look like the e-mail was sent from "DHL Express International Support," and the subject line says it is a "DHL Express Notification for shipment for 26 Oct 2011," said MX Lab. Apart from the usual (legitimate) information about the company, the e-mail contains a request not to reply to the e-mail as it is used by an automated application, and an invite to open the attached file for more details about the shipment: When unzipped, the attached file reveals an executable — DHL-Delivery-Notification-Message-102611(dot)exe. Users are advised to be on the lookout for this spam e-mail and to delete it without opening, because the attached executable seems to be a Zbot Trojan variant currently detected only by a few AV solutions. It is also likely the date in the subject line will probably be changed if the campaign continues for a few days, so slight variations of the e-mail can be expected. Source:

53. October 27, Help Net Security – (International) Cisco WebEx Player WRF file processing vulnerabilities. Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player, Help Net Security reported October 27. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The Microsoft Windows, Apple Mac OS X, and Linux versions of the players are all affected. Affected versions of the players are those prior to client build T26 SP49 EP40 and T27 SP28. If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version. Cisco has released free software updates that address these vulnerabilities. Source:

54. October 26, TG Daily – (International) Tsunami-A OS X trojan spotted in the wild. Security researchers have identified a new backdoor trojan targeting systems running Mac OS X, TG Daily reported October 26. Tsunami appears to be a port of Troj/Kaiten, a Linux Trojan that embeds itself on a computer system and monitors an IRC channel for further instructions. As a Sophos Security researcher noted, trojans like Tsunami/Kaiten are typically used to drag infected computers into coordinated DDoS (distributed denial-of-service) attacks, which flood a targeted Web site server with a massive amounts of traffic. "It's not just a DDoS tool though," the researcher said. As evidenced by the portion of OSX/Tsunami's source code, "the bash script can be given a variety of different instructions and can be used to remotely access an affected computer." Source:

For more stories, see items 55 and 56 below in the Communications Sector

Communications Sector

55. October 27, Santa Cruz Sentinel – (California) AT&T fixes SLV Internet service outage. AT&T made good on a promise to San Lorenzo Valley, California customers to resume Internet service October 26 after service was interrupted October 25. A fiber cable was accidentally cut the afternoon of October 25 by a Granite Construction crew working on Graham Hill Road in Felton, an AT&T spokesman said. The Graham Hill Road work was a project being done under contract for the county department of public works, according to the department's assistant director. A University of California Santa Cruz employee reported AT&T internet service was out in Ben Lomond and Felton. Some customers in the Pasatiempo area reported a 4-day outage in the first week of October, but a spokesman said he was unaware of that issue. Source:

56. October 26, Associated Press – (Washington) CenturyLink cable cut for second time near Pasco. A contractor doing some plowing south of Pasco, Washington, October 26 accidentally hit a CenturyLink fiber optic cable — the second time in as many days that the cable has been cut, causing outages. It happened about 13 miles south of Pasco. A spokeswoman said it was unclear how the cable was cut twice in the same area since it is well-marked. The cable was cut October 26 by a contractor unrelated to CenturyLink. The 6-hour outage October 25 was caused by a different crew. It affected 911 service in Columbia County and long distance and Internet service in Pasco and Walla Walla for about 20,000 customers. CenturyLink expected repairs to go more quickly October 26. Source:

57. October 26, Radio Survivor – (California) FCC issues $10,000 forfeiture order to Pirate Cat Radio founder. On October 21, the Federal Communications Commission (FCC) posted a notice a forfeiture order for $10,000 was issued to the founder of Pirate Cat Radio for “willfully and repeatedly violating section 301 of the Communications Act of 1934 … by operating an unlicensed radio broadcast station” in San Francisco. The letter is a follow-up to an earlier Notice of Apparent Liability for Forfeiture that was issued to the man August 31, 2009. He responded to that notice October 23, 2009, and claimed he was not involved with the broadcast transmissions of Pirate Cat Radio and that he additionally was ”financially unable” to pay the $10,000 fine. The October 21 forfeiture letter from the FCC discounts his arguments and reiterates the FCC’s finding that Pirate Cat Radio “operated a radio broadcast station without a license issued by the FCC on 87.9 MHz in San Francisco, California.” Source:

No comments: