Wednesday, January 26, 2011

Complete DHS Daily Report for January 26, 2011

Daily Report

Top Stories

• Fire investigators and gas company officials went door to door to check on gas lines in Fairport Harbor, Ohio, January 25 after a gas leak led to fires that destroyed 10 buildings, including an apartment complex. (See item 3)

3. January 25, Willoughby News-Herald – (Ohio) Investigators going door to door in Fairport Harbor checking gas lines. Officials from the state fire marshal’s office were on scene in Fairport Harbor, Ohio, January 25 as fire officials continued to investigate a high pressured gas leak that led to nearly the whole village being evacuated. The Fairport Harbor Fire Investigative Unit worked January 25 with the state fire marshal’s office, and employees from Dominion East Ohio Gas Company will continue to go door to door with a locksmith to check on people’s gas lines, an official from the fire department said. The gas leak resulted in 25 fire departments from all over Ohio responding to multiple structure fires and odor investigations. No one was injured and officials have still not yet released any sort of damage amount, although it’s expected to be significant. Ten buildings — eight homes, one garage and one apartment complex — were rendered uninhabitable. A Public Utilities Commission of Ohio spokesman said a pressure regulator failed to open due to ice forming in a sensor line. “This resulted in the over-pressurization of the residential gas lines, leading to the subsequent fires,” he said. “We have three inspectors on the scene today, two in the field and one in the lab where they are taking apart the equipment in question.” Source:

• Authorities warned about 2,000 Madison Township, Ohio, residents to stay inside because of potentially hazardous fumes from a chemical warehouse fire January 25. (See item 6)

6. January 25, Associated Press – (Ohio) Warehouse fire prompts stay-inside warning in Ohio. Authorities have warned about 2,000 southwest Ohio residents to stay inside because of potentially hazardous fumes from a warehouse fire. A spokesman for the Butler County Emergency Management Agency said several toxic chemicals were inside the Marflex Building Solutions warehouse. The fire broke out around 1:30 a.m. January 25. A dispatcher told the Cincinnati Enquirer no injuries were reported. Fire officials are letting the fire burn itself out. The Madison Township fire chief said dousing it with water could spread toxins into the ground. He said residents could leave for work, but school buses have been kept out of the area. The Marflex Web site said the company makes foundation waterproofing and concrete building products. Source:


Banking and Finance Sector

14. January 25, San Bernardino Press-Enterprise – (California) Murrieta men agree to prison in fraud case. The accused ringleader of a $142-million mortgage and securities fraud centered in Southwest Riverside County, California, agreed January 24 to spend nearly 20 years in state prison rather than go to trial. The suspect, who prosecutors said masterminded the scheme, and his alleged second in command both agreed in court to negotiated guilty pleas. The two men, both from Murrieta, were arrested with five other defendants more than a year ago for their roles in what authorities described as a series of complex investment scams that enabled the top organizers to live lavishly and defraud hundreds of investors in California and Arizona, pushing 201 Riverside County homes into foreclosure. After a day of negotiations at the Riverside County courthouse in Corona, the Riverside County district attorney’s office reached settlements with lawyers for the two men. Source:

15. January 25, ComputerWorld – (National) Govt may soon force banks to impose new online authentication steps. The Federal Financial Institutions Examination Council (FFIEC) could soon release new guidelines for banks to use when authenticating users to online banking transactions. The new guidelines will clarify the FFIEC’s existing guidelines on the subject and more explicitly inform banks about what they need to do to bolster online authentication, an analyst at Gartner said. The analyst recently met with the FFIEC’s IT subcommittee to discuss the updates. The FFIEC is an interagency council that develops standards for the federal auditing of financial institutions by bodies such as the Federal Reserve System and the Federal Deposit Insurance Corp. (FDIC). In 2005, it issued a set of guidelines, titled “Authentication in an Internet Banking Environment.” They called on banks to upgrade their single-factor authentication processes — typically based on user name and passwords — with a stronger, second form of authentication by the end of 2006. The guidance left it largely up to the banks to choose whatever second form of authentication that they felt was the most appropriate for their needs. The FFIEC listed several available authentication technologies that banks could choose from, including biometrics, one-time passwords and token-based authentication. Source:

16. January 25, WLEX 18 Lexington – (Kentucky) Escapee recaptured. On January 24, the Eastern Kentucky Fugitive Task Force arrested an escapee on Lunenburg Court in Louisville. Authorities said the male had fled a halfway house near Paducah. He was arrested on a Kentucky probation warrant, but is a suspect in numerous bank robberies in Fayette, Jefferson, Kenton, Boone, and Campbell Counties. The male is also a suspect in the recent robbery at the Kroger in Shelby County. Shellyville PD, Taylorsville PD, Boone County SO, Covington PD, Kenton County SO, and Campbell County PD partnered with the FBI and U.S. Marshals to recapture the suspect. Source:

17. January 25, Softpedia – (International) Numerous phishing emails with HTML attachments in circulation. Security researchers from Websense warn of several new phishing campaigns that instruct recipients to open rogue HTML files attached to the fake e-mails. Some of them are taking advantage of the U.K. and U.S. tax seasons and spoof the taxation authorities in those countries. A wave of e-mails purporting to come from the HM Revenue & Customs masquerade as tax refund alerts. The e-mails are similar to the common tax return phishing scams, but instead of directing recipients to a malicious page, they instruct them to open the attached HTML form. A separate tax refund phishing campaign spoofs the IRS and tells recipients they are eligible to receive stimulus payments. These fake IRS e-mails also carry a form and instruct people to open it in a JavaScript-enabled browser. Other recent phishing attacks target the customers of several banks and have rogue HTML documents attached to them. Source:

18. January 22, Toronto Sun – (International) Terror cells suspected in Canada. A professor said most terrorist activity uncovered in Canada involves raising money there for operations overseas. The professor said in some cases, extremists will infiltrate legitimate charitable groups and skim money from them, then launder the cash through shady overseas banks in places like Cyprus or Russia. If there was one terrorist plying his trade in the city of Edmonton in Alberta, Canada, there are likely more where he came from, the local professor said. “Terrorist cells typically have four to seven people in them,” said the former Mountie who now teaches at Grant MacEwan University. The professor said the Canadian Security Intelligence Service suspects every major city in Canada likely has a couple of cells working for a variety of terrorist causes around the world. After the Royal Canadian Mounted Police arrested a suspect earlier the week of January 17 on suspicion of orchestrating deadly suicide bombings in Iraq in 2009, they were quick to say the accused posed no threat to anyone in Edmonton. Source:

19. January 21, USA Today – (National) Chase spends $2M to fix errors on military mortgages. JPMorgan Chase (JPM) is issuing checks totaling $2 million to 4,000 U.S. military service members after discovering overcharges and errors in their mortgages. Fourteen service members were improperly forced into foreclosure. Chase has resolved 13 of cases and is working on the remaining one, a Chase spokeswoman said. The errors were made in the loans of service members who requested their rights under the Servicemembers’ Civil Relief Act and came to light after a Marine fighter pilot filed a lawsuit in federal court. The law provides a number of protections to service members, including the right to require a bank to reduce interest rates to 6 percent on loans entered into before active-duty service or mobilization. “We made mistakes, we deeply regret them and are working to fix it in the hopes that this does not happen again,” the Chase spokeswoman said. Source:

Information Technology

51. January 25, H Security – (International) Fedora infrastructure hacked – no damage done. The Fedora Project has confirmed there was an intrusion into its infrastructure January 22, but investigations have shown “no impact on product integrity.” The Fedora Project is a general purpose collection of free and open software including an operating system based on the Linux kernel, sponsored by Red Hat. The announcement of the intrusion by a Fedora Project leader states the project became aware of a problem when a contributor received an e-mail from the Fedora Accounts System, saying his account details had been changed. The Fedora Infrastructure Team investigated and confirmed the account had been compromised. After locking down systems, snap-shotting file systems, and auditing logs, it was found the account, which was only authorized for SSH to, push packages into Fedora’s SCM, and perform builds of Fedora packages, had only changed the account’s SSH key and logged into Source:

52. January 24, Computerworld – (International) Carberp malware sniffs out antivirus use to maximize attack impact. The authors of the new information-stealing Trojan “Carberp” have added a feature that detects which antivirus program is running on victimized PCs, said the chief technology officer at Seculert, an Israeli security start-up. He said criminals added security software detection to make sure they are spending their money wisely. “Cybercriminals for quite some time have paid for ‘antivirus test’ services,” he said. “So they collect the antivirus information from the infected machines in order to check whether the tests they paid for actually work, and that they indeed evade the [software] successfully.” The test services he mentioned are similar to legitimate scanning services such as VirusTotal, which lets users upload suspicious files for scanning by scores of for-a-fee and free antivirus programs. Suspect samples that evade detection are shared with the anti-malware community for use in creating new signatures. Source:

53. January 24, Softpedia – (International) New Buzus distribution campaign generates wave of fake emails. Security researchers from antivirus vendor Sophos warn of a new wave of e-mails distributing a new variant of the Buzus malware, which masquerade as official communications from major Web sites. Some of the rogue e-mails pose as a job application response from Google and purport to come from a resume-thanks@google(dot)com address. The message instructs recipients to open the attached file which is allegedly a review of the submitted application. The file, called, contains an installer for the Buzus worm which spreads by sending the e-mails through an external SMTP server and copying itself to removable USB devices. The malware, detected as W32/AutoRun-BHX by Sophos, is also known to create copies of itself within folders usually shared by P2P applications with names suggesting cracks for popular applications. Source:

Communications Sector

54. January 25, Cypress Times – (National) Two individuals plead guilty to defrauding FCC video relay service program. Two individuals pleaded guilty for their participation in a conspiracy to defraud the Federal Communications Commission’s (FCC) Video Relay Service (VRS) program. The suspects pleaded guilty before U.S. District Court in Trenton, New Jersey, to one count of conspiracy to commit wire fraud and mail fraud. The suspects were indicted in the fall of 2009, along with others alleged to have been involved in the criminal conspiracy. The defendants and their co-conspirators are alleged to have caused the FCC to pay millions of dollars in fraudulent reimbursements. Thompson and Hutchinson both conspired with others to generate illegitimate VRS call minutes for reimbursement by the FCC. Source:

55. January 24, Softpedia – (International) Vodafone Australia shuts down dealer following data breach. Vodafone Australia has terminated business relationships with one of its primary dealers after evidence showed the company engaging in unethical business practices and violating customer privacy. The Sydney Morning Herald recently obtained internal e-mails from Communications Direct Pty Ltd, a company calling itself Vodafone’s “largest premium partner,” which showed senior managers instructing employees to impersonate customers and exploit the dealer’s privileged access to the operator’s database. According to a report in the newspaper, Comms Direct engaged in a number of dubious practices one of them called “Siebel farming,” after the name of the customer relationship management application used by Vodafone. Siebel farming involved Comms Direct staff searching the operator’s database for customers whose contracts were about to expire and calling them to offer better deals. If they agreed, the company’s employees called Vodafone’s hotlines and impersonated them in order to cancel their contracts before signing them up for new ones. The purpose of this was to earn higher commissions, as the payout for new contracts is double that for renewals. Source:

56. January 24, Softpedia – (International) Fake CCTV websites infect Chinese users with adware. Security vendor Websense warns cybercriminals are infecting Chinese users with adware by spoofing the China Central Television (CCTV) Web site and Internet TV application. “First, the hackers create an imitation CCTV site that has a name that is close to CCTV.COM (e.g. CCTVxxx.COM),” the Websense researchers explained. The malware distributed in this attack has a very low detection rate on Virus Total, with only 6 from 43 antivirus engines picking it up as malicious. CCTV Box allows users to watch the network’s programming over the Internet and is very popular in China, giving attackers a large pool of potential victims. Source: