Monday, January 10, 2011

Complete DHS Daily Report for January 10, 2011

Daily Report

Top Stories

• According to, a chemical spill on the Las Vegas, Nevada strip brought traffic to a grinding halt and sent one man to the hospital, January 6. (See item 6)

6. January 7, – (Nevada) Las Vegas chemical spill brings tech show, traffic to gridlock. The largest technology show in the country was disrupted on its opening day January 6 after a chemical spill on the Las Vegas Strip brought traffic to a grinding halt and sent one man to the hospital. About 200 gallons of sulfuric acid leaked from a pipe that broke outside the entrance of the Wynn Las Vegas. A Clark County, Nevada, spokeswoman said the accidental spill was caused by a contractor filling the pipe with the chemical right outside the resort. The fire department responded at about 8 a.m. PT, and the spill was contained within an hour. Movement along the strip, jammed with traffic on normal days, was gridlocked in the area near the Las Vegas Convention Center and other venues, including the Venetian Hotel, where the Consumer Electronics Show was being held. More than 120,000 were attending the show, and many were trying to make their way via buses, taxis, and cars to the convention center. Both directions of traffic along the strip were closed as hazardous material crews worked to neutralize the acid. The acid is not flammable and there was “minimal risk” of the liquid and fumes spreading because of Las Vegas’ chilly temperatures, in the 40s, a police spokesman said. One man who slipped and fell in the liquid was taken to a local hospital and is reported to be in stable condition. Roads near the entrance of the hotel and on the strip re-opened around noon January 7. Source:

• CNN reports a federal judge ordered a former Central Intelligence Agency (CIA) officer held in custody as a flight risk January 6, after his arrest on charges he disclosed top secret defense information. (See item 33)

33. January 7, CNN – (National) Former CIA officer charged with disclosing defense information. A federal judge in St. Louis, Missouri, ordered a former Central Intelligence Agency (CIA) officer held in custody as a flight risk January 6, after his arrest on charges he disclosed secret defense information, a CNN affiliate producer who was in the courtroom said. The 43-year-old man of O’Fallon, Missouri, is charged in a 10-count indictment with unauthorized retention and disclosure of classified information, mail fraud, and obstruction of justice, the Justice Department (DOJ) said. The suspect has “always maintained his innocence,” the man’s attorney said. The suspect worked at the CIA from May 1993 to January 2002, DOJ said. One of his assignments was working on a top-secret operational program related to the weapons capabilities of certain countries. His role included working with “a human asset,” the department said. He was fired from his job in 2002, it said, adding he had filed discrimination complaints against the CIA before and after he left. The indictment alleges the suspect stole classified information and orally disclosed the contents to a newspaper reporter who was writing a book. Source:


Banking and Finance Sector

13. January 6, United Press International – (National) 600 credit-card numbers stolen at gas pump. Six hundred credit-card numbers were stolen at a Florida gasoline station by an operation that used a credit-card skimmer hidden inside a gas pump, police said. The skimmer, placed at a RaceTrac Petroleum Inc. gas station in Melbourne, Florida, by unknown thieves, recorded customers’ credit-card information every time they swiped their cards to pay for gas, police said January 6. The allegedly stolen data led to complaints of fraudulent credit and debit card charges, police said. “We’ve had about 20 incidents that have been reported involving this particular gas station,” a Melbourne police spokesman told Florida Today. Many of the stolen card numbers were used for purchases in New York City, mostly at a credit union, police said. Police have made no arrests, but “we do have a lead detective working on the case right now,” the spokesman told the newspaper. Source:

14. January 6, Associated Press – (National) Visa claims new software catches more fraud. Credit card companies choose to scrutinize some bits of information for signs of fraud while ignoring others. And those decisions are made in a fraction of a second when approving or denying a sale. Visa, which operates the world’s biggest electronic payment network, spoke publicly January 6 for the first time about new technologies it put in place ahead of the 2010 holidays. The company said the upgraded systems can catch more fraud because its developers figured out ways for the software to look for more signs of bad behavior at once. Some of the variables include the speed of transactions on a particular card, the time of day, the physical distance between transactions, and the type of store. The new software, which rolled out in September, can combine more than a dozen different variables. That is important because the ability to sift through more data increases the odds of catching a fraudulent purchase before it is approved. Visa said upgraded software will allow Visa to spot a greater percentage of fraud. Detection of cross-border fraud, which Visa said it looked at intently for the latest iteration, shows major gains. Source:

15. January 6, Jacksonville Journal-Courier – (Illinois) US Bank evacuated after bag left on floor. A Jacksonville, Illinois, bank was briefly evacuated after someone left a black bag inside. Police were called about 10:20 a.m. January 6 after an elderly woman walked into the foyer of US Bank at 322 W. Morton Ave., dropped a bag on the floor and promptly left. Alarmed about what may be in the bag, bank employees and customers were evacuated from the building. Police arrived and found that the bag contained gym clothes. The bag’s owner was located at her residence and after speaking to her and bank employees, it was decided no charges would be filed. Source:

16. January 6, Softpedia – (National) Infected laptop leads to data breach at Pentagon Federal Credit Union. The Pentagon Federal Credit Union (PenFed) is dealing with a data security breach involving personal and credit card information exposed after a laptop was infected with malware. In a letter sent to the New Hampshire Attorney General’s Office, the credit union’s lawyers revealed the laptop infection was discovered December 12. The malware allowed attackers to access a database containing names, addresses, Social Security numbers, PenFed account numbers, and credit or debit card numbers of current and former members, joint owners, employees, and beneficiaries. The letter states that 514 New Hampshire residents were affected by the incident, but the total number of people involved has not been disclosed. PenFed does not have any indication that the illegally accessed information was misused so far, but out of caution it reissued all exposed credit and debit cards. The federally chartered credit union started sending notification letters to the affected individuals January 4 in which it offers them a 2-year free subscription to an identity theft protection service from Kroll. Source:

17. January 5, – (New York) FBI searching for ‘Red Coat Bandit’ bank robber. The FBI is asking the public for help in its search for the “Red Coat Bandit” who robbed a Midtown New York City, New York Citibank branch January 4. Just as tellers and bank employees were getting ready to close the bank branch at 411 Fifth Ave. at 37th Street about 6:15 p.m. January 4, a man entered the bank displaying a fake bomb that had wires and a detonator, the FBI said. The robber then threatened to blow up the location and proceeded to rob the bank of an unspecified sum. The “Red Coat Bandit” was described by the FBI as an Indian male, approximately 30 years old and 5 feet 10 inches. He was seen wearing a boonie hat, which is typically a wide-brimmed hat worn by military personnel, a black scarf or ski mask, a red hooded jacket, black gloves, light blue jeans, and beige or tan work boots.


Information Technology

41. January 7, Softpedia – (International) Microsoft postpones patching of two critical 0-day vulnerabilities. Microsoft announced it does not plan to patch two publicly known 0-day vulnerabilities in Internet Explorer and Windows in a release scheduled for January 11. One of the two bulletins announced affects only Windows Vista and is rated as important, while the other affects all supported Windows versions and has a severity rating of critical. These bulletins will not cover an actively exploited vulnerability affecting Internet Explorer 6, 7, and 8 on all Windows types. Identified as CVE-2010-3971, the flaw consists of a use-after-free memory error in the mshtml.dll library and can be exploited to execute arbitrary code remotely. Moreover, in December 2010, a group called Abysssec Security Research announced a reliable exploit for this vulnerability that bypasses the DEP and ASLR protection mechanisms in Windows. A second critical vulnerability that will remain unpatched is located in the Graphics Rendering Engine and affects all Windows versions except Windows 7 and Server 2008 R2. Source:

42. January 7, Associated Press – (Massachusetts; North Carolina) Man pleads guilty to stealing $930,000 in computer equipment. A North Carolina man has pleaded guilty in federal court to charges of stealing nearly $930,000 worth of computer equipment from the EMC Corp. facility where he worked. Prosecutors said he concealed the items in a small bag as he left work at EMC’s Apex, North Carolina facility between 2000 and 2009. He also sold the equipment over the Internet using the identity of a friend, without that person’s knowledge. He pleaded guilty January 6 in U.S. District Court in Boston, Massachusetts to charges including wire fraud and identity theft. Data storage equipment maker EMC is based in Hopkinton, Massachusetts. The man faces up to 32 years in prison at sentencing April 7. Source:

43. January 7, H Security – (International) Expert: Linux capabilities don’t add security. The developer behind the grsecurity project has pointed out most of the privilege control capabilities implemented under Linux carry a significant potential for compromising a system and wreaking other havoc. The intended purpose of capabilities is to prevent that by restricting services and processes to certain operations and specific resources. Among other things, they aim to reduce the effects of successful attacks and can, for example, prevent an exploit for an office tool from installing a back door because the office tool does not have the capabilities required for binding services to network ports. Capabilities can also make it unnecessary to use SUID – Ubuntu and Fedora are considering this approach. OpenWall has reportedly already implemented it in version 3.0, which was released towards the end of December: the standard installation does not contain a single SUID program. Source:

44. January 7, ITProPortal – (International) Apple’s Mac App Store hacked on first day. Apple’s launch of the new Mac App Store January 6 has already been marred by reports of hackers coming up with ways to pirate paid apps on the platform. Hackers have discovered a simple copy-paste method to illegally crack some of the paid apps on the store. The method involves replacing the receipt and signature files on a paid app package with ones taken from a free app. According to Apple Insider, Apple provided support for App Store receipts on Mac OS X 10.6.6, but it is clear Apple failed to check the Mac App Store for vulnerabilities like this before launching it. A report on technology blog Daring Fireball said the vulnerability only affects those apps which do not follow Apple’s app validation advice, in which the application is required to check for a valid receipt along with making sure that the receipt matches the app’s bundle ID. Source:

45. January 7, The Register – (International) Facebook riddled by ‘my first ever status message’ scam app. A new survey scam that first appeared January 6 has hoodwinked thousands on Facebook. Users are being induced into filling out a worthless survey on the false promise of a dubious reward — a reminder of their first ever status message on the social networking Web site. These false promises appear as status messages from already fooled surfers, touting a rogue application. Surfers who install the application grant it account privileges — thus allowing it to post from a user’s account, a facility used to spam followers of a compromised account with spam come-ons, continuing the infection cycle. Source:

46. January 7, IDG News Service – (International) Hacked iTunes accounts continue to sell in China. The sale of iTunes accounts that have reportedly been hacked has yet to be stopped by Apple or the Chinese e-commerce site hosting the sellers. Merchants on the Chinese retail site have been selling iTunes and Apple App Store accounts filled with U.S. dollars for bargain prices. Some services allow the purchase of $100 worth of products on iTunes for merely 55 yuan ($8.30). But the Chinese media reported hackers obtained thousands of the accounts sold on the site. The merchants themselves, however, have not said where the accounts have come from. How the users stole the account information, however, is still unclear, the CEO of Chinese security company Knownsec said. Hackers may have originally tried to obtain these accounts by stealing the information on iTunes gift cards. But now they could be developing methods to steal user account information from computers and iPhones, he said. The stolen iTunes accounts are attractive in China because many consumers there have no way to create legitimate accounts of their own. The Chinese iTunes store only accepts payment by credit card, which many Chinese consumers do not have. Source:

47. January 7, IDG News Service – (International) Google enhances e-mail security in Apps. Google has taken a step to stop legitimate e-mail messages sent by its Apps customers from getting caught in spam filters. Administrators for Google Apps can now enable digital signing of those messages, which helps recipients verify the messages came from a known, vetted sender, wrote a Google Enterprise product manager on a company blog. The system uses DKIM, or DomainKeys Identified Mail, which verifies the domain name through which a message was sent by analyzing the message’s cryptographic signature. If the message comes from a domain considered reputable, it will not be filtered out. Some users of Google Apps have complained their e-mail from their custom domain has been blocked even if they have set up a proper Sender Policy Framework (SPF) record. The SPF record allows a domain owner to specify which hosts are allowed to send mail for their domain. Source:

Communications Sector

48. January 7, WBNG 12 Binghamton – (New York) Verizon wireless outage. Many Verizon Wireless customers in the region around Binghamton, New York, were without service January 7. A regional representative for Verizon said there were about 50 wireless towers that lost service around 10:30 a.m. The company did not know what caused the outage, but was looking into what caused the nearly 30-minute loss of service. The representative believed an internal glitch caused the problem. Source: